oss-sec mailing list archives

CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 24 Jun 2013 10:46:59 -0400 (EDT)

Hello Kurt, Steve, vendors,

  A persistent / stored cross-site scripting (XSS) flaw was found in
the way reviews dropdown of Review Board, a web-based code review tool,
performed sanitization of certain user information (full name). A remote
attacker could provide a specially-crafted URL that, when visited would
lead to arbitrary HTML or web script execution in the context of
Review Board user's session.

References:
[1] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
[2] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/
[3] http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/
[4] https://bugzilla.redhat.com/show_bug.cgi?id=977423

Upstream patch:
[5] https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf

Upstream acknowledges Craig Young at Tripwire as the original issue reporter.

Can you allocate a CVE identifier for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Jan Lieskovsky (Jun 24)
- Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Kurt Seifried (Jun 24)