Review Board CVE-2014-5027 Unspecified Cross Site Scripting Vulnerability
BID:68858
Info
Review Board CVE-2014-5027 Unspecified Cross Site Scripting Vulnerability
| Bugtraq ID: | 68858 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-5027 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 22 2014 12:00AM |
| Updated: | Aug 21 2014 01:12AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 |
| Not Vulnerable: | |
Discussion
Review Board CVE-2014-5027 Unspecified Cross Site Scripting Vulnerability
Review Board is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Review Board 1.7.27 and 2.0.4 are vulnerable.
Review Board is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Review Board 1.7.27 and 2.0.4 are vulnerable.
Exploit / POC
Review Board CVE-2014-5027 Unspecified Cross Site Scripting Vulnerability
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Review Board CVE-2014-5027 Unspecified Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Review Board CVE-2014-5027 Unspecified Cross Site Scripting Vulnerability
References:
References: