NVD

Id
32853  
Name
CVE-2014-5027  
Description
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-07-25  
Modified Date
2015-11-27  
Seq
2014-5027  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
172557 32853 CVE-2014-5027 [oss-security] 20140721 CVE requests for Review Board  View
172558 32853 CVE-2014-5027 [oss-security] 20140722 Re: CVE requests for Review Board  View
172559 32853 CVE-2014-5027 68858  View
172560 32853 CVE-2014-5027 https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27  View
172561 32853 CVE-2014-5027 https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4  View
172562 32853 CVE-2014-5027 https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14701 JVNDB-2014-003576 Review Board におけるクロスサイトスクリプティングの脆弱性 Review Board には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-5027 72316 CVE-2014-5027 32853 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003576.html 2014-07-22 2014-07-29 View