Lucene search

[email protected]NVD:CVE-2004-1061

HistoryJan 04, 2005 - 5:00 a.m.

CVE-2004-1061

2005-01-0405:00:00

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.

Affected configurations

NVD

Node

mozillabugzillaMatch2.16.1

mozillabugzillaMatch2.16.2

mozillabugzillaMatch2.16.3

mozillabugzillaMatch2.16.4

mozillabugzillaMatch2.16.5

mozillabugzillaMatch2.16.6

mozillabugzillaMatch2.16.7

mozillabugzillaMatch2.16.8

mozillabugzillaMatch2.16.9

mozillabugzillaMatch2.16.10

mozillabugzillaMatch2.16.11

mozillabugzillaMatch2.17

mozillabugzillaMatch2.17.1

mozillabugzillaMatch2.17.3

mozillabugzillaMatch2.17.4

mozillabugzillaMatch2.17.5

mozillabugzillaMatch2.17.6

mozillabugzillaMatch2.17.7

References

distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040

lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html

www.mikx.de/index.php?p=6

www.securityfocus.com/bid/12154

bugzilla.mozilla.org/show_bug.cgi?id=272620

exchange.xforce.ibmcloud.com/vulnerabilities/18728

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for NVD:CVE-2004-1061

ubuntucve1 freebsd1 nessus2 openvas2 cve1 cvelist1