Описание
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-31330
- https://mattschmidt.net/2021/04/14/review-board-xss-discovered
- https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21
- https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2
- https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker
Связанные уязвимости
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
A Cross-Site Scripting (XSS) vulnerability exists within Review Board ...