Lucene search
HistoryJan 04, 2005 - 5:00 a.m.
CVE-2004-1061
bugzilla
xss
vulnerability
remote attackers
html
web script
error messages
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.02 Low
EPSS
Percentile
89.0%
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
Affected configurations
Node
mozillabugzillaMatch2.16.1
ORmozillabugzillaMatch2.16.2
ORmozillabugzillaMatch2.16.3
ORmozillabugzillaMatch2.16.4
ORmozillabugzillaMatch2.16.5
ORmozillabugzillaMatch2.16.6
ORmozillabugzillaMatch2.16.7
ORmozillabugzillaMatch2.16.8
ORmozillabugzillaMatch2.16.9
ORmozillabugzillaMatch2.16.10
ORmozillabugzillaMatch2.16.11
ORmozillabugzillaMatch2.17
ORmozillabugzillaMatch2.17.1
ORmozillabugzillaMatch2.17.3
ORmozillabugzillaMatch2.17.4
ORmozillabugzillaMatch2.17.5
ORmozillabugzillaMatch2.17.6
ORmozillabugzillaMatch2.17.7
Related
cvelist
cvelist
CVE-2004-1061
2004-12-31 05:00:00
ubuntucve
ubuntucve
CVE-2004-1061
2005-01-04 00:00:00
freebsd
freebsd
bugzilla -- cross-site scripting vulnerability
2004-12-01 00:00:00
nessus
nessus
Bugzilla Internal Error Response XSS
2005-01-19 00:00:00
openvas
openvas
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
nvd
nvd
CVE-2004-1061
2005-01-04 05:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.02 Low
EPSS
Percentile
89.0%
Related for CVE-2004-1061