CVE-2013-2209
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
Date published : 2013-07-31
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/