Beanbag · Review Board · CVE-2011-4312
**Name of the Vulnerable Software and Affected Versions**
Review Board versions prior to 1.5.7
Review Board versions 1.6.x prior to 1.6.3
**Description**
Review Board's commenting system contains multiple cross-site scripting (XSS) vulnerabilities. They allow remote attackers to inject arbitrary web script or HTML via specific vectors, including the diff viewer or screenshot component.
**Recommendations**
For Review Board versions prior to 1.5.7, update to version 1.5.7 or later.
For Review Board versions 1.6.x prior to 1.6.3, update to version 1.6.3 or later.