Lucene search

MitreCVE-2014-5027

HistoryJul 25, 2014 - 7:55 p.m.

CVE-2014-5027

2014-07-2519:55:04

CWE-79

mitre

web.nvd.nist.gov

cve-2014-5027

cross-site scripting

xss

review board

remote attackers

web script

html

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

Affected configurations

Nvd

Node

reviewboardreview_boardMatch2.0

reviewboardreview_boardMatch2.0beta1

reviewboardreview_boardMatch2.0beta2

reviewboardreview_boardMatch2.0beta3

reviewboardreview_boardMatch2.0rc1

reviewboardreview_boardMatch2.0rc2

reviewboardreview_boardMatch2.0rc3

reviewboardreview_boardMatch2.0.1

reviewboardreview_boardMatch2.0.2

reviewboardreview_boardMatch2.0.3

Node

reviewboardreview_boardMatch1.7.0

reviewboardreview_boardMatch1.7.0.1

reviewboardreview_boardMatch1.7.1

reviewboardreview_boardMatch1.7.2

reviewboardreview_boardMatch1.7.3

reviewboardreview_boardMatch1.7.4

reviewboardreview_boardMatch1.7.5

reviewboardreview_boardMatch1.7.6

reviewboardreview_boardMatch1.7.7

reviewboardreview_boardMatch1.7.8

reviewboardreview_boardMatch1.7.9

reviewboardreview_boardMatch1.7.10

reviewboardreview_boardMatch1.7.11

reviewboardreview_boardMatch1.7.12

reviewboardreview_boardMatch1.7.13

reviewboardreview_boardMatch1.7.14

reviewboardreview_boardMatch1.7.15

reviewboardreview_boardMatch1.7.16

reviewboardreview_boardMatch1.7.17

reviewboardreview_boardMatch1.7.18

reviewboardreview_boardMatch1.7.19

reviewboardreview_boardMatch1.7.20

reviewboardreview_boardMatch1.7.21

reviewboardreview_boardMatch1.7.22

reviewboardreview_boardMatch1.7.23

reviewboardreview_boardMatch1.7.24

reviewboardreview_boardMatch1.7.25

reviewboardreview_boardMatch1.7.26

VendorProductVersionCPE
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:*:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:beta1:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:beta2:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:beta3:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:rc1:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:rc2:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:rc3:*:*:*:*:*:*
reviewboardreview_board2.0.1cpe:2.3:a:reviewboard:review_board:2.0.1:*:*:*:*:*:*:*
reviewboardreview_board2.0.2cpe:2.3:a:reviewboard:review_board:2.0.2:*:*:*:*:*:*:*
reviewboardreview_board2.0.3cpe:2.3:a:reviewboard:review_board:2.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:::::::*
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:beta1::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:beta2::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:beta3::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:rc1::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:rc2::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:rc3::::::
reviewboard	review_board	2.0.1	cpe:2.3:a:reviewboard:review_board:2.0.1:::::::*
reviewboard	review_board	2.0.2	cpe:2.3:a:reviewboard:review_board:2.0.2:::::::*
reviewboard	review_board	2.0.3	cpe:2.3:a:reviewboard:review_board:2.0.3:::::::*

Rows per page:

1-10 of 381

References

seclists.org/oss-sec/2014/q3/207

seclists.org/oss-sec/2014/q3/219

secunia.com/advisories/60243

www.securityfocus.com/bid/68858

www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27

www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4

www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

Related for CVE-2014-5027