Review Board x<1.7.10, x<1.6.17 Stored XSS

2013-06-24 / 2013-06-25
Credit: Jan iankko Lieskovsky
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2013-2209
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

A persistent / stored cross-site scripting (XSS) flaw was found in the way reviews dropdown of Review Board, a web-based code review tool, performed sanitization of certain user information (full name). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution in the context of Review Board user's session. References: [1] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/ [2] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/ [3] http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/ [4] https://bugzilla.redhat.com/show_bug.cgi?id=977423 Upstream patch: [5] https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf Upstream acknowledges Craig Young at Tripwire as the original issue reporter. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team

References:

http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/
http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/
https://bugzilla.redhat.com/show_bug.cgi?id=977423
http://seclists.org/oss-sec/2013/q2/610


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top