CVE-2002-0807

2002-07-3104:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

References

archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

bugzilla.mozilla.org/show_bug.cgi?id=146447

www.iss.net/security_center/static/9304.php

www.securityfocus.com/bid/4964