CVE-2013-2209
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
31/07/2013
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:reviewboard:review_board:1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:reviewboard:review_board:1.6.10:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2013/06/24/2
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
- http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/
- http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard
- https://bugzilla.redhat.com/show_bug.cgi?id=977423
- https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf
- http://www.openwall.com/lists/oss-security/2013/06/24/2
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
- http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/
- http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard
- https://bugzilla.redhat.com/show_bug.cgi?id=977423
- https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf