Unrated severity · NVD Advisory · Published Nov 24, 2011 · Updated Apr 29, 2026
CVE-2011-4312
Description
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
Affected products
- cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:* (range: <=1.5.6)
- cpe:2.3:a:reviewboard:review_board:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:reviewboard:review_board:1.6:rc2:*:*:*:*:*:*
Patches
- 7a0a9d945555 · https://github.com/reviewboard/reviewboard (via nvd-ref)
References
- github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d (nvd, Patch)
- lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html (nvd)
- secunia.com/advisories/46840 (nvd)
- www.openwall.com/lists/oss-security/2011/11/15/8 (nvd)
- www.openwall.com/lists/oss-security/2011/11/15/9 (nvd)
- www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/ (nvd)
- www.securityfocus.com/bid/50681 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)