CVE-2011-4312 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
reviewboard	review_board	𝑥 ≤ 1.5.6
reviewboard	review_board	1.0
reviewboard	review_board	1.0:alpha1
reviewboard	review_board	1.0:alpha2
reviewboard	review_board	1.0:alpha3
reviewboard	review_board	1.0:alpha4
reviewboard	review_board	1.0:beta1
reviewboard	review_board	1.0:beta2
reviewboard	review_board	1.0:rc1
reviewboard	review_board	1.0:rc2
reviewboard	review_board	1.0:rc3
reviewboard	review_board	1.0.1
reviewboard	review_board	1.0.2
reviewboard	review_board	1.0.3
reviewboard	review_board	1.0.4
reviewboard	review_board	1.0.5
reviewboard	review_board	1.0.5.1
reviewboard	review_board	1.0.6
reviewboard	review_board	1.0.7
reviewboard	review_board	1.0.8
reviewboard	review_board	1.0.9
reviewboard	review_board	1.1:alpha1
reviewboard	review_board	1.1:alpha2
reviewboard	review_board	1.5
reviewboard	review_board	1.5:beta1
reviewboard	review_board	1.5:beta2
reviewboard	review_board	1.5:rc1
reviewboard	review_board	1.5:rc2
reviewboard	review_board	1.5.1
reviewboard	review_board	1.5.2
reviewboard	review_board	1.5.3
reviewboard	review_board	1.5.4
reviewboard	review_board	1.5.5
reviewboard	review_board	1.6
reviewboard	review_board	1.6:beta1
reviewboard	review_board	1.6:beta2
reviewboard	review_board	1.6:rc1
reviewboard	review_board	1.6:rc2
reviewboard	review_board	1.6.1
reviewboard	review_board	1.6.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html

http://secunia.com/advisories/46840

http://www.openwall.com/lists/oss-security/2011/11/15/8

http://www.openwall.com/lists/oss-security/2011/11/15/9

http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/

http://www.securityfocus.com/bid/50681

https://bugzilla.redhat.com/show_bug.cgi?id=754126

https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html

http://secunia.com/advisories/46840

http://www.openwall.com/lists/oss-security/2011/11/15/8

http://www.openwall.com/lists/oss-security/2011/11/15/9

http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/

http://www.securityfocus.com/bid/50681

https://bugzilla.redhat.com/show_bug.cgi?id=754126

https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d