Matt S

**Name of the Vulnerable Software and Affected Versions** Review Board versions 3.0.20 and earlier Review Board versions 4.0 RC1 and earlier **Description** A Cross-Site Scripting (XSS) issue exists, allowing an authenticated attacker to inject malicious Javascript code when using Markdown editing within the application, which remains persistent. **Recommendations** For Review Board versions 3.0.20 and earlier, update to a version later than 3.0.20 to resolve the issue. For Review Board versions 4.0 RC1 and earlier, update to a version later than 4.0 RC1 to resolve the issue.