BIT-reviewboard-2021-31330
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/reviewboard/BIT-reviewboard-2021-31330.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-reviewboard-2021-31330
- Aliases
-
- CVE-2021-31330
- Published
- 2024-01-31T15:23:15.886Z
- Modified
- 2024-02-19T10:36:29.170Z
- Summary
- [none]
- Details
-
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
- Database specific
{ "cpes": [ "cpe:2.3:a:reviewboard:review_board:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:reviewboard:review_board:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:reviewboard:review_board:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:reviewboard:review_board:4.0:rc1:*:*:*:*:*:*" ], "severity": "Medium" }- References
-
- https://mattschmidt.net/2021/04/14/review-board-xss-discovered/
- https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/
- https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/
- https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/
Affected packages
Bitnami / reviewboard
Package
- Name
- reviewboard
- Purl
- pkg:bitnami/reviewboard
Severity
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator