bugzilla -- cross-site scripting vulnerability

ID 97C3A452-6E36-11D9-8324-000A95BC6FAE
Type freebsd
Reporter FreeBSD
Modified 2004-12-01T00:00:00


A Bugzilla advisory states:

This advisory covers a single cross-site scripting issue that has recently been discovered and fixed in the Bugzilla code: If a malicious user links to a Bugzilla site using a specially crafted URL, a script in the error page generated by Bugzilla will display the URL unaltered in the page, allowing scripts embedded in the URL to execute.