Lucene search

[email protected]NVD:CVE-2014-5027

HistoryJul 25, 2014 - 7:55 p.m.

CVE-2014-5027

2014-07-2519:55:04

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

Affected configurations

Nvd

Node

reviewboardreview_boardMatch2.0

reviewboardreview_boardMatch2.0beta1

reviewboardreview_boardMatch2.0beta2

reviewboardreview_boardMatch2.0beta3

reviewboardreview_boardMatch2.0rc1

reviewboardreview_boardMatch2.0rc2

reviewboardreview_boardMatch2.0rc3

reviewboardreview_boardMatch2.0.1

reviewboardreview_boardMatch2.0.2

reviewboardreview_boardMatch2.0.3

Node

reviewboardreview_boardMatch1.7.0

reviewboardreview_boardMatch1.7.0.1

reviewboardreview_boardMatch1.7.1

reviewboardreview_boardMatch1.7.2

reviewboardreview_boardMatch1.7.3

reviewboardreview_boardMatch1.7.4

reviewboardreview_boardMatch1.7.5

reviewboardreview_boardMatch1.7.6

reviewboardreview_boardMatch1.7.7

reviewboardreview_boardMatch1.7.8

reviewboardreview_boardMatch1.7.9

reviewboardreview_boardMatch1.7.10

reviewboardreview_boardMatch1.7.11

reviewboardreview_boardMatch1.7.12

reviewboardreview_boardMatch1.7.13

reviewboardreview_boardMatch1.7.14

reviewboardreview_boardMatch1.7.15

reviewboardreview_boardMatch1.7.16

reviewboardreview_boardMatch1.7.17

reviewboardreview_boardMatch1.7.18

reviewboardreview_boardMatch1.7.19

reviewboardreview_boardMatch1.7.20

reviewboardreview_boardMatch1.7.21

reviewboardreview_boardMatch1.7.22

reviewboardreview_boardMatch1.7.23

reviewboardreview_boardMatch1.7.24

reviewboardreview_boardMatch1.7.25

reviewboardreview_boardMatch1.7.26

VendorProductVersionCPE
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:*:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:beta1:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:beta2:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:beta3:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:rc1:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:rc2:*:*:*:*:*:*
reviewboardreview_board2.0cpe:2.3:a:reviewboard:review_board:2.0:rc3:*:*:*:*:*:*
reviewboardreview_board2.0.1cpe:2.3:a:reviewboard:review_board:2.0.1:*:*:*:*:*:*:*
reviewboardreview_board2.0.2cpe:2.3:a:reviewboard:review_board:2.0.2:*:*:*:*:*:*:*
reviewboardreview_board2.0.3cpe:2.3:a:reviewboard:review_board:2.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:::::::*
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:beta1::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:beta2::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:beta3::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:rc1::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:rc2::::::
reviewboard	review_board	2.0	cpe:2.3:a:reviewboard:review_board:2.0:rc3::::::
reviewboard	review_board	2.0.1	cpe:2.3:a:reviewboard:review_board:2.0.1:::::::*
reviewboard	review_board	2.0.2	cpe:2.3:a:reviewboard:review_board:2.0.2:::::::*
reviewboard	review_board	2.0.3	cpe:2.3:a:reviewboard:review_board:2.0.3:::::::*