Persistent Cross-Site Scripting (XSS) Vulnerability in Review Board Versions 3.0.20 and 4.0 RC1 and Earlier

Persistent Cross-Site Scripting (XSS) Vulnerability in Review Board Versions 3.0.20 and 4.0 RC1 and Earlier

CVE-2021-31330 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.

Learn more about our Web Application Penetration Testing UK.