Date: Tue, 15 Nov 2011 08:59:58 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>, Christian Hammond <chipx86@...px86.com>
Subject: Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)

On 11/15/2011 06:51 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> a cross-site scripting (XSS) flaw was found in the way the commenting
> system of the ReviewBoard, a web-based code review tool, sanitized user
> input (new comments to be loaded). A remote attacker could provide a
> specially-crafted URL, which once visited by valid ReviewBoard user
> could lead to arbitrary HTML or web script execution in the 'diff
> viewer' or 'screenshot pages' components.
>
> References:
> http://www.reviewboard.org/news/
> http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/
> https://bugzilla.redhat.com/show_bug.cgi?id=754126
>
> Relevant upstream patch:
> https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
> P.S.: Cc-ed Christian Hammond, who committed change to the
> upstream Git repository too, so they could update CVE id
> in their advisory, if / where needed.

Please use CVE-2011-4312 for this issue.

--
-Kurt Seifried / Red Hat Security Response Team