CVE-2013-2209
https://notcve.org/view.php?id=CVE-2013-2209
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
• http://www.openwall.com/lists/oss-security/2013/06/24/2
• http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17
• http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10
• http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released
• http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard
• https://bugzilla.redhat.com/show_bug.cgi?id=977423
• https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a808
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4312
https://notcve.org/view.php?id=CVE-2011-4312
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html
• http://secunia.com/advisories/46840
• http://www.openwall.com/lists/oss-security/2011/11/15/8
• http://www.openwall.com/lists/oss-security/2011/11/15/9
• http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3
• http://www.securityfocus.com/bid/50681
• https://bugzilla.redhat.com/show_bug.cgi?id=754126
• https:/&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')