A persistent / stored cross-site scripting (XSS) flaw was found in
the way the reviews dropdown of Review Board, a web-based code review tool,
performed sanitization of certain user information (full name). A remote
attacker could provide a specially-crafted URL that, when visited, would
lead to arbitrary HTML or web script execution in the context of
a Review Board user's session.
References:
[1] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
[2] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/
[3] http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/
[4] https://bugzilla.redhat.com/show_bug.cgi?id=977423
Upstream patch:
[5] https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf
Upstream acknowledges Craig Young at Tripwire as the original issue reporter.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team