Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-4312
Last Modified 13 Feb 2013 11:46:05
Published 23 Nov 2011 11:01:06
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4312

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.

Vulnerable Systems

Application

  • Reviewboard Review Board 1.0

  • Reviewboard Review Board 1.0.1

  • Reviewboard Review Board 1.0.2

  • Reviewboard Review Board 1.0.3

  • Reviewboard Review Board 1.0.4

  • Reviewboard Review Board 1.0.5

  • Reviewboard Review Board 1.0.5.1

  • Reviewboard Review Board 1.0.6

  • Reviewboard Review Board 1.0.7

  • Reviewboard Review Board 1.0.8

  • Reviewboard Review Board 1.0.9

  • Reviewboard Review Board 1.1

  • Reviewboard Review Board 1.5

  • Reviewboard Review Board 1.5.1

  • Reviewboard Review Board 1.5.2

  • Reviewboard Review Board 1.5.3

  • Reviewboard Review Board 1.5.4

  • Reviewboard Review Board 1.5.5

  • Reviewboard Review Board 1.5.6

  • Reviewboard Review Board 1.6

  • Reviewboard Review Board 1.6.1

  • Reviewboard Review Board 1.6.2


References

CONFIRM - https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=754126

CONFIRM - http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/

MLIST - [oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)

MLIST - [oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)

SECUNIA - 46840

BID - 50681

FEDORA - FEDORA-2011-15935

FEDORA - FEDORA-2011-15933


Last Updated: 27 May 2016 11:00:18