CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score (Confidence): High

EPSS (Percentile): 47.7%

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:* |
mozilla | bugzilla | 2.18 | cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.1 | cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.2 | cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.3 | cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.4 | cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.18.5 | cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.20 | cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:* |
secunia.com/advisories/22409
secunia.com/advisories/22790
secunia.com/advisories/22826
security.gentoo.org/glsa/glsa-200611-04.xml
securityreason.com/securityalert/1760
securitytracker.com/id?1017063
www.bugzilla.org/security/2.18.5/
www.debian.org/security/2006/dsa-1208
www.osvdb.org/29544
www.osvdb.org/29545
www.osvdb.org/29549
www.securityfocus.com/archive/1/448777/100/100/threaded
www.securityfocus.com/bid/20538
www.vupen.com/english/advisories/2006/4035
bugzilla.mozilla.org/show_bug.cgi?id=206037
bugzilla.mozilla.org/show_bug.cgi?id=330555
bugzilla.mozilla.org/show_bug.cgi?id=355728
exchange.xforce.ibmcloud.com/vulnerabilities/29610
exchange.xforce.ibmcloud.com/vulnerabilities/29619