The 1.7.27 release of Review Board fixes the following flaws:
Fixed a vulnerability where a URL to a diff fragment could be crafted that would inject custom HTML into the page. An attacker could send such a URL to another user and execute code in their browser session.
The Original File and Patched File resources could be used to access files on a private review request that the user did not have access to, if they knew the appropriate database IDs.
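The two flaws above are instances of familiar defensive gaps: untrusted URL input interpolated into HTML without escaping, and a resource looked up by database ID without checking that the requester may see its parent object. The following is an added illustration of both checks against a toy in-memory model; it is not Review Board's code, and every name in it (User, ReviewRequest, DiffFile, the handler functions, the sample rows) is a constructed assumption rather than Review Board's actual API or data.

```python
"""
Added illustration, not Review Board's code: the defensive patterns that
correspond to the two 1.7.27 fixes, against a toy in-memory model.
All classes, functions and sample rows here are hypothetical.
"""
from dataclasses import dataclass, field
from html import escape


class PermissionDenied(Exception):
    """Raised when a user may not see the object they asked for."""


@dataclass
class User:
    username: str


@dataclass
class ReviewRequest:
    id: int
    public: bool
    target_people: set = field(default_factory=set)  # usernames granted access

    def is_accessible_by(self, user):
        # A private review request is visible only to its target reviewers.
        return self.public or user.username in self.target_people


@dataclass
class DiffFile:
    id: int
    review_request: ReviewRequest
    content: str


# Constructed sample rows standing in for database records (hypothetical).
PUBLIC_RR = ReviewRequest(id=1, public=True)
PRIVATE_RR = ReviewRequest(id=2, public=False, target_people={"alice"})
FILES = {
    10: DiffFile(10, PUBLIC_RR, "print('hello')\n"),
    11: DiffFile(11, PRIVATE_RR, "SECRET_KEY = 'constructed-sample'\n"),
}


def can_access_file(user, file_id):
    """Object-level authorization: a file is visible only if the user may
    see the review request it belongs to. Unknown ids are treated exactly
    like forbidden ones so private ids cannot be probed for existence."""
    f = FILES.get(file_id)
    return f is not None and f.review_request.is_accessible_by(user)


def get_original_file_unchecked(user, file_id):
    """'Before' pattern: a lookup by database id with no authorization
    check, which is what lets a guessed id reach a private file."""
    return FILES[file_id].content


def get_original_file(user, file_id):
    """'After' pattern: the same lookup gated by the parent-object check."""
    if not can_access_file(user, file_id):
        raise PermissionDenied("file %d" % file_id)
    return FILES[file_id].content


def render_diff_fragment(fragment_text, url_param):
    """Escape every untrusted value (URL parameter and file text) before it
    is interpolated into HTML; quote=True also neutralises attribute
    context, so the value cannot break out of the data-src attribute."""
    return ('<div class="diff-fragment" data-src="%s"><pre>%s</pre></div>'
            % (escape(url_param, quote=True), escape(fragment_text)))


if __name__ == "__main__":
    print(render_diff_fragment("a < b", '"><b>x</b>'))
    print(can_access_file(User("bob"), 11))    # False
    print(can_access_file(User("alice"), 11))  # True
```

The unchecked variant is kept only to show the shape of the defect: the fix is not a new lookup but a check that the caller may see the object the id resolves to, applied before any content is returned.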
Version 1.7.27 is already in Fedora testing.
Created ReviewBoard tracking bugs for this issue:
Affects: epel-6 [bug 1123693]