A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
References
Link | Resource |
---|---|
https://mattschmidt.net/2021/04/14/review-board-xss-discovered/ | Exploit Third Party Advisory |
https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/ | Release Notes Vendor Advisory |
https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/ | Release Notes Vendor Advisory |
https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-11T17:34:27
Updated: 2022-05-11T17:34:27
Reserved: 2021-04-15T00:00:00
Link: CVE-2021-31330
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-11T18:15:22.303
Modified: 2022-05-20T14:19:38.790
Link: CVE-2021-31330
JSON object: View
Redhat Information
No data.
CWE