VIR Vulnerability Intelligence Relay

CVE-2013-2209

medium
Published 2022-05-17 · Modified 2026-04-29
CVSS v3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
CVSS v2
4.3
VIR risk
4.3

Description

Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/

Package impact
EcosystemPackageVulnerableFixed
python PyPIreviewboard>=1.6,<1.6.171.6.17
python PyPIreviewboard>=1.7,<1.7.101.7.10

Application impact
VendorProductVersionsFixed
reviewboardreview_board1.6
reviewboardreview_board1.6.1
reviewboardreview_board1.6.2
reviewboardreview_board1.6.3
reviewboardreview_board1.6.4
reviewboardreview_board1.6.5
reviewboardreview_board1.6.6
reviewboardreview_board1.6.7
reviewboardreview_board1.6.8
reviewboardreview_board1.6.9
reviewboardreview_board1.6.10
reviewboardreview_board1.6.11
reviewboardreview_board1.6.12
reviewboardreview_board1.6.13
reviewboardreview_board1.6.14
reviewboardreview_board1.6.15
reviewboardreview_board1.6.16
reviewboardreview_board1.7.0
reviewboardreview_board1.7.0.1
reviewboardreview_board1.7.1
reviewboardreview_board1.7.2
reviewboardreview_board1.7.3
reviewboardreview_board1.7.4
reviewboardreview_board1.7.5
reviewboardreview_board1.7.6
reviewboardreview_board1.7.7
reviewboardreview_board1.7.8
reviewboardreview_board1.7.9

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.