ReviewBoard: cross-site scripting
| Package(s): | ReviewBoard | CVE #(s): | CVE-2013-2209 | ||||||||
| Created: | July 8, 2013 | Updated: | July 10, 2013 | ||||||||
| Description: | From the Red Hat bugzilla:
A persistent / stored cross-site scripting (XSS) flaw was found in the way reviews dropdown of Review Board, a web-based code review tool, performed sanitization of certain user information (full name). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution in the context of Review Board user's session. See the Review Board announcement for additional information. | ||||||||||
| Alerts: |
| ||||||||||