Review Board up to 3.0.20/4.0 RC1 Markdown cross site scripting

A vulnerability was found in Review Board up to 3.0.20/4.0 RC1 (Forum Software). It has been classified as problematic. Affected is an unknown functionality of the component Markdown Handler. Upgrading to version 3.0.21 or 4.0 RC2 eliminates this vulnerability. The upgrade is hosted for download at reviewboard.org.

Field05/12/2022 12:57 PM05/14/2022 05:17 PM
nameReview BoardReview Board
version<=3.0.20/4.0 RC1<=3.0.20/4.0 RC1
componentMarkdown HandlerMarkdown Handler
cwe79 (cross site scripting)79 (cross site scripting)
risk11
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://mattschmidt.net/2021/04/14/review-board-xss-discovered/https://mattschmidt.net/2021/04/14/review-board-xss-discovered/
confirm_urlhttps://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/
nameUpgradeUpgrade
upgrade_version3.0.21/4.0 RC23.0.21/4.0 RC2
upgrade_urlhttps://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/
cveCVE-2021-31330CVE-2021-31330
cve_assigned16184376001618437600
date1652306400 (05/12/2022)1652306400 (05/12/2022)
typeForum SoftwareForum Software
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss2_vuldb_basescore4.04.0
cvss2_vuldb_tempscore3.53.5
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.43.4
cvss3_meta_basescore3.53.5
cvss3_meta_tempscore3.43.4
price_0day$0-$5k$0-$5k
cve_nvd_summaryA Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.

Do you need the next level of professionalism?

Upgrade your account now!