Review Board XSS Discovered

This post will be updated with more information soon.

A Cross-Site Scripting (XSS) vulnerability exists in Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker can inject malicious JavaScript through the application's Markdown editing, and the injected code remains persistent.

Proof-of-Concept:

Using the built-in Markdown editing, an attacker can trick an unsuspecting victim into executing JavaScript in their browser.

[Click](javascript:alert(document.cookie))

Fix

The issue has since been fixed in versions 3.0.21 and 4.0 RC2. The release notes can be viewed here:
https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/
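
A common mitigation for this class of bug is to allowlist URL schemes on Markdown link targets before rendering them. The following is an added example, not Review Board's patch or code from this post; `ALLOWED_SCHEMES`, `is_safe_href`, `render_link` and the sample inputs are hypothetical.

```python
import html
import re

# Assumption: the schemes this hypothetical deployment permits in user links.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_TAB_NEWLINE = re.compile(r"[\t\r\n]")      # removed anywhere by browser URL parsers
_LEADING_C0 = re.compile(r"^[\x00-\x20]+")  # leading controls/spaces are ignored too
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def is_safe_href(href):
    """True when href is relative or its scheme is on the allowlist."""
    # Decode entities first: "&#106;avascript:" is "javascript:" once in an attribute.
    url = html.unescape(href)
    url = _TAB_NEWLINE.sub("", url)
    url = _LEADING_C0.sub("", url)
    match = _SCHEME.match(url)
    if match is None:
        return True  # no scheme: path, query or fragment relative to the page
    return match.group(1).lower() in ALLOWED_SCHEMES


def render_link(text, href):
    """Render one Markdown link; unsafe targets degrade to escaped plain text."""
    if not is_safe_href(href):
        return html.escape(text)
    return '<a href="{}" rel="noopener noreferrer">{}</a>'.format(
        html.escape(href, quote=True), html.escape(text))


# Constructed samples: the PoC target from this post, obfuscated variants,
# and two benign links (the /r/42/diff/ path is made up).
SAMPLES = [
    ("Click", "javascript:alert(document.cookie)"),
    ("Click", "JaVaScRiPt:alert(1)"),
    ("Click", " \tjava\nscript:alert(1)"),
    ("Click", "&#106;avascript:alert(1)"),
    ("Click", "data:text/html,<b>x</b>"),
    ("Docs", "https://www.reviewboard.org/docs/"),
    ("Diff", "/r/42/diff/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print("{!r:45} -> {}".format(href, render_link(text, href)))
```

An allowlist is preferred over blocking `javascript:` alone because it also rejects `data:`, `vbscript:` and any scheme added to browsers later.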

Thank you to Christian with Review Board for being so transparent and maintaining excellent communication during this process.
