FKIE_CVE-2014-5027

Vulnerability from fkie_nvd - Published: 2014-07-25 19:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
References
cve@mitre.orghttp://seclists.org/oss-sec/2014/q3/207
cve@mitre.orghttp://seclists.org/oss-sec/2014/q3/219
cve@mitre.orghttp://secunia.com/advisories/60243
cve@mitre.orghttp://www.securityfocus.com/bid/68858
cve@mitre.orghttps://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27Vendor Advisory
cve@mitre.orghttps://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4Vendor Advisory
cve@mitre.orghttps://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releasesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q3/207
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q3/219
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60243
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/68858
af854a3a-2127-422b-91ae-364da2661108https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releasesVendor Advisory
Impacted products
Vendor Product Version
reviewboard review_board 2.0
reviewboard review_board 2.0
reviewboard review_board 2.0
reviewboard review_board 2.0
reviewboard review_board 2.0
reviewboard review_board 2.0
reviewboard review_board 2.0
reviewboard review_board 2.0.1
reviewboard review_board 2.0.2
reviewboard review_board 2.0.3
reviewboard review_board 1.7.0
reviewboard review_board 1.7.0.1
reviewboard review_board 1.7.1
reviewboard review_board 1.7.2
reviewboard review_board 1.7.3
reviewboard review_board 1.7.4
reviewboard review_board 1.7.5
reviewboard review_board 1.7.6
reviewboard review_board 1.7.7
reviewboard review_board 1.7.8
reviewboard review_board 1.7.9
reviewboard review_board 1.7.10
reviewboard review_board 1.7.11
reviewboard review_board 1.7.12
reviewboard review_board 1.7.13
reviewboard review_board 1.7.14
reviewboard review_board 1.7.15
reviewboard review_board 1.7.16
reviewboard review_board 1.7.17
reviewboard review_board 1.7.18
reviewboard review_board 1.7.19
reviewboard review_board 1.7.20
reviewboard review_board 1.7.21
reviewboard review_board 1.7.22
reviewboard review_board 1.7.23
reviewboard review_board 1.7.24
reviewboard review_board 1.7.25
reviewboard review_board 1.7.26
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E56EC613-1F0B-4BDD-83B8-19C85353CF6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3939A9D4-204F-4DD7-A0A9-F3DDB5D658E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A8DD6584-2D96-42B0-9E8B-72B7B6479302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "F7B45337-2478-4A5F-9E53-796D6471200A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D393183F-1D7B-47E2-B1B5-DBC822DBE37D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D955D7C6-D261-4261-AAC1-8E5D8A9B2ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C8F11C25-7146-4061-9391-17C02AF360EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03562043-9625-4FF6-9D18-206EC78F925E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4551E9D3-7F3D-4783-9C6E-8E332BD62E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF24BDC-D464-40B2-9D15-C6A30AF6699D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4CB38D-0D63-4C6A-8C8C-062BF0BEC170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "574DB13E-0396-4721-869C-360A9AEF533E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98991C6-FF3E-4B7B-95A2-481B6AC63727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23409449-A779-470C-91D9-F59F2A9EE888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "281B1D75-D46D-4665-8CEF-84B8126DC251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7594F58E-6992-4100-BBEE-607BA0E31672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA83FB56-1AC2-4F31-B31E-D25317AD8DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "515B9F24-E857-420B-A9DB-1E0BE3E622B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1B65A9-F2DE-4FBC-B63A-E835B77A0D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "127661C5-6A2C-4A26-A882-D819B30C5430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "00653376-87FB-403B-8753-95D2907FDEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB750D7-57E1-4519-A264-7D3BA92EE553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2544E489-25ED-4AE2-BF0E-6E9787AD1B98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFB6AF37-3FDF-4945-97A8-16297CCDD9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7252E236-276E-4AA4-B02F-1DBF33F714F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "308257B1-ABAC-4D21-8C21-B9C90AC5A859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77E34DC-5038-46C4-9D27-EAADC6140976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA9C1FEE-095F-4835-8824-D0D912395618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E156037-508F-425D-A237-3D1454BC140E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5966398-A84D-4FA6-80D1-2C590F2192DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A2EB5C-99F4-4E89-AD07-5D704BEEB09F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5D3754-CDCA-47D9-AEFF-65C4196726D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FB98A8-D105-469A-93AE-EE3A7DA95DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F7EE09C-B289-4771-9EAD-60F79EC9FD1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC09803-8080-4BB5-9E5B-D1AB7217E682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3758F92-B753-4AC1-B115-7CCB6B7C1ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "10BAD622-28B6-4829-935E-E9D4C058F5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:reviewboard:review_board:1.7.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B095C2E-FAD9-4063-9F2E-7EF400209E64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Review Board 1.7.x anterior a 1.7.27 y 2.0.x anterior a 2.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro de consulta en una p\u00e1gina de fragmento diferente."
    }
  ],
  "id": "CVE-2014-5027",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-25T19:55:04.363",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q3/207"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q3/219"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60243"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/68858"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q3/207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q3/219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.