The remote web server is hosting Bugzilla, a web-based bug tracking application.
Versions of Bugzilla 3.2.x earlier than 3.2.10, 3.4.x earlier than 3.4.10, and 3.6.x earlier than 3.6.4 are potentially affected by multiple vulnerabilities:
A weakness could allow a user to gain unauthorized access to another Bugzilla account.
A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages.
It is possible to insert harmful ‘javascript:’ or ‘data:’ URLs into Bugzilla’s ‘URL’ field, which in some cases Bugzilla will make clickable.
Various pages lack protection against cross-site request forgeries.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4410
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4411
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0048
www.bugzilla.org/security/3.2.9