4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.0%
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.
archives.neohapsis.com/archives/bugtraq/2012-04/0135.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html
bugzilla.mozilla.org/show_bug.cgi?id=745397