oss-sec mailing list archives
Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 24 Jun 2013 09:38:16 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/24/2013 08:46 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors, A persistent / stored cross-site scripting (XSS) flaw was found in the way reviews dropdown of Review Board, a web-based code review tool, performed sanitization of certain user information (full name). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution in the context of Review Board user's session. References: [1] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/ [2] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/ [3] http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/
[4] https://bugzilla.redhat.com/show_bug.cgi?id=977423
Upstream patch: [5] https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf Upstream acknowledges Craig Young at Tripwire as the original issue reporter. Can you allocate a CVE identifier for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Please use CVE-2013-2209 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRyGfoAAoJEBYNRVNeJnmTB8sQANp8mi2I7PKBGxCpb4PSWsDR QP04iByU0D0xlGZbgGn7SJwws31n3uvWeDUYSTuG0Kvaqyi64rLcmRb2gN3onqzo eO0+RYQryDl59mjUsIftUjyjL+DJ9fXLs37Zlfb9i0Q1tOCTBKd311vwLXqi+PSl mQck+lADiac1njdcIx9xTr4Zufg3oJyw9P9QpkC3zAd3WbAQM/S3E7yBNCZLVoBf LEO8Il/UTo8OoWKcQ+eSSlE2YNwz0ZULrti6iAkK5WClFdmGcg8fHuFokFn2On/+ IVaJYOZk9rhXR+KlPSSDtMf90026gYMP2fb7TpzsNOJYzxj4eERrEW+rFUgVMIMM +gUbo9p1ML0zSnfBRx9gZPOQ+F2/hQcfbWu2MncqBK3ApvnvPPZgUR3jhNCfu6IQ Y/j9cU9HK0/EOpIvze/986mMHDu7DBOt61Q3tC72jHx4bP9xnVxqI4LWobqb6GLP xYlH3QFP+SKpxNA7KWuDQsLSUXU5pEz/lkFi1bcDL7l4rZ326KDTBUsBpG7cOdP5 J5REuW/lubaMrgTTiWS4erBGZhE5T5Und3j9Hh/vyHyJxml9WlEjsrltK6elh37R RQymb/QLhN29CKZcBJbQlf2cQIS9k13C+WwIlceBxgy0oIe0H6mxp6OqLneCu87w Dq0IYynHAU/we26y43LG =F+nO -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Jan Lieskovsky (Jun 24)
- Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Kurt Seifried (Jun 24)