oss-sec mailing list archives
CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 24 Jun 2013 10:46:59 -0400 (EDT)
Hello Kurt, Steve, vendors, A persistent / stored cross-site scripting (XSS) flaw was found in the way reviews dropdown of Review Board, a web-based code review tool, performed sanitization of certain user information (full name). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution in the context of Review Board user's session. References: [1] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/ [2] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/ [3] http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/ [4] https://bugzilla.redhat.com/show_bug.cgi?id=977423 Upstream patch: [5] https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf Upstream acknowledges Craig Young at Tripwire as the original issue reporter. Can you allocate a CVE identifier for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Jan Lieskovsky (Jun 24)