CVE-2011-4312

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html
http://secunia.com/advisories/46840
http://www.openwall.com/lists/oss-security/2011/11/15/8
http://www.openwall.com/lists/oss-security/2011/11/15/9
http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/
http://www.securityfocus.com/bid/50681
https://bugzilla.redhat.com/show_bug.cgi?id=754126
https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

14-02-2013 - 04:46

Objavljeno

24-11-2011 - 04:01