CVE-2013-4519: XSS
First published: Fri Nov 15 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Review Board | =1.6 | |
| Review Board | =1.6-beta1 | |
| Review Board | =1.6-beta2 | |
| Review Board | =1.6-rc1 | |
| Review Board | =1.6-rc2 | |
| Review Board | =1.6.1 | |
| Review Board | =1.6.2 | |
| Review Board | =1.6.3 | |
| Review Board | =1.6.4 | |
| Review Board | =1.6.5 | |
| Review Board | =1.6.6 | |
| Review Board | =1.6.7 | |
| Review Board | =1.6.8 | |
| Review Board | =1.6.9 | |
| Review Board | =1.6.10 | |
| Review Board | =1.6.11 | |
| Review Board | =1.6.12 | |
| Review Board | =1.6.13 | |
| Review Board | =1.6.14 | |
| Review Board | =1.6.15 | |
| Review Board | =1.6.16 | |
| Review Board | =1.6.17 | |
| Review Board | =1.6.18 | |
| Review Board | =1.6.19 | |
| Review Board | =1.6.20 | |
| Review Board | =1.7.0 | |
| Review Board | =1.7.0.1 | |
| Review Board | =1.7.1 | |
| Review Board | =1.7.2 | |
| Review Board | =1.7.3 | |
| Review Board | =1.7.4 | |
| Review Board | =1.7.5 | |
| Review Board | =1.7.6 | |
| Review Board | =1.7.7 | |
| Review Board | =1.7.8 | |
| Review Board | =1.7.9 | |
| Review Board | =1.7.10 | |
| Review Board | =1.7.11 | |
| Review Board | =1.7.12 | |
| Review Board | =1.7.13 | |
| Review Board | =1.7.14 | |
| Review Board | =1.7.15 | |
| Review Board | =1.7.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/99512
- http://osvdb.org/99513
- http://secunia.com/advisories/55623
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17
- http://www.securityfocus.com/bid/63601
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88620
Frequently Asked Questions
What is the severity of CVE-2013-4519?
CVE-2013-4519 has a medium severity level due to its impact on web security allowing XSS attacks.
How do I fix CVE-2013-4519?
To fix CVE-2013-4519, upgrade Review Board to version 1.6.21 or later, or 1.7.17 or later.
What are the affected versions for CVE-2013-4519?
CVE-2013-4519 affects Review Board versions 1.6.x prior to 1.6.21 and 1.7.x prior to 1.7.17.
What types of vulnerabilities does CVE-2013-4519 include?
CVE-2013-4519 includes multiple cross-site scripting (XSS) vulnerabilities.
Who can exploit CVE-2013-4519?
CVE-2013-4519 can be exploited by remote attackers to inject arbitrary web script or HTML.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/reviewboard
- canonical/review board
- version/review board/1.6
- version/review board/1.6-beta1
- version/review board/1.6-beta2
- version/review board/1.6-rc1
- version/review board/1.6-rc2
- version/review board/1.6.1
- version/review board/1.6.2
- version/review board/1.6.3
- version/review board/1.6.4
- version/review board/1.6.5
- version/review board/1.6.6
- version/review board/1.6.7
- version/review board/1.6.8
- version/review board/1.6.9
- version/review board/1.6.10
- version/review board/1.6.11
- version/review board/1.6.12
- version/review board/1.6.13
- version/review board/1.6.14
- version/review board/1.6.15
- version/review board/1.6.16
- version/review board/1.6.17
- version/review board/1.6.18
- version/review board/1.6.19
- version/review board/1.6.20
- version/review board/1.7.0
- version/review board/1.7.0.1
- version/review board/1.7.1
- version/review board/1.7.2
- version/review board/1.7.3
- version/review board/1.7.4
- version/review board/1.7.5
- version/review board/1.7.6
- version/review board/1.7.7
- version/review board/1.7.8
- version/review board/1.7.9
- version/review board/1.7.10
- version/review board/1.7.11
- version/review board/1.7.12
- version/review board/1.7.13
- version/review board/1.7.14
- version/review board/1.7.15
- version/review board/1.7.16