CVE-2015-8509

2016-01-03T00:59:11
ID CVE-2015-8509
Type cve
Reporter NVD
Modified 2016-12-07T13:28:39

Description

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.