Описание
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:reviewboard:review_board:3.0.20:*:*:*:*:*:*:*
cpe:2.3:a:reviewboard:review_board:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:reviewboard:review_board:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:reviewboard:review_board:4.0:rc1:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00589
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
больше 3 лет назад
A Cross-Site Scripting (XSS) vulnerability exists within Review Board ...
CVSS3: 5.4
github
больше 3 лет назад
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
EPSS
Процентиль: 69%
0.00589
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79