Vulnerability Details CVE-2014-5027
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://seclists.org/oss-sec/2014/q3/207
- http://seclists.org/oss-sec/2014/q3/219
- http://secunia.com/advisories/60243
- http://www.securityfocus.com/bid/68858
- https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27
- https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4
- https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases
- http://seclists.org/oss-sec/2014/q3/207
- http://seclists.org/oss-sec/2014/q3/219
- http://secunia.com/advisories/60243
- http://www.securityfocus.com/bid/68858
- https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27
- https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4
- https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases
Products affected by CVE-2014-5027
-
cpe:2.3:a:reviewboard:review_board:1.7.0
-
cpe:2.3:a:reviewboard:review_board:1.7.0.1
-
cpe:2.3:a:reviewboard:review_board:1.7.1
-
cpe:2.3:a:reviewboard:review_board:1.7.10
-
cpe:2.3:a:reviewboard:review_board:1.7.11
-
cpe:2.3:a:reviewboard:review_board:1.7.12
-
cpe:2.3:a:reviewboard:review_board:1.7.13
-
cpe:2.3:a:reviewboard:review_board:1.7.14
-
cpe:2.3:a:reviewboard:review_board:1.7.15
-
cpe:2.3:a:reviewboard:review_board:1.7.16
-
cpe:2.3:a:reviewboard:review_board:1.7.17
-
cpe:2.3:a:reviewboard:review_board:1.7.18
-
cpe:2.3:a:reviewboard:review_board:1.7.19
-
cpe:2.3:a:reviewboard:review_board:1.7.2
-
cpe:2.3:a:reviewboard:review_board:1.7.20
-
cpe:2.3:a:reviewboard:review_board:1.7.21
-
cpe:2.3:a:reviewboard:review_board:1.7.22
-
cpe:2.3:a:reviewboard:review_board:1.7.23
-
cpe:2.3:a:reviewboard:review_board:1.7.24
-
cpe:2.3:a:reviewboard:review_board:1.7.25
-
cpe:2.3:a:reviewboard:review_board:1.7.26
-
cpe:2.3:a:reviewboard:review_board:1.7.3
-
cpe:2.3:a:reviewboard:review_board:1.7.4
-
cpe:2.3:a:reviewboard:review_board:1.7.5
-
cpe:2.3:a:reviewboard:review_board:1.7.6
-
cpe:2.3:a:reviewboard:review_board:1.7.7
-
cpe:2.3:a:reviewboard:review_board:1.7.8
-
cpe:2.3:a:reviewboard:review_board:1.7.9
-
cpe:2.3:a:reviewboard:review_board:2.0
-
cpe:2.3:a:reviewboard:review_board:2.0.1
-
cpe:2.3:a:reviewboard:review_board:2.0.2
-
cpe:2.3:a:reviewboard:review_board:2.0.3