Lucene search
HistoryApr 27, 2012 - 8:55 p.m.
CVE-2012-0466
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.0%
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.
Affected configurations
Node
mozillabugzillaMatch2.0
ORmozillabugzillaMatch2.2
ORmozillabugzillaMatch2.4
ORmozillabugzillaMatch2.6
ORmozillabugzillaMatch2.8
ORmozillabugzillaMatch2.9
ORmozillabugzillaMatch2.10
ORmozillabugzillaMatch2.12
ORmozillabugzillaMatch2.14
ORmozillabugzillaMatch2.14.1
ORmozillabugzillaMatch2.14.2
ORmozillabugzillaMatch2.14.3
ORmozillabugzillaMatch2.14.4
ORmozillabugzillaMatch2.14.5
ORmozillabugzillaMatch2.16
ORmozillabugzillaMatch2.16rc1
ORmozillabugzillaMatch2.16rc2
ORmozillabugzillaMatch2.16.1
ORmozillabugzillaMatch2.16.2
ORmozillabugzillaMatch2.16.3
ORmozillabugzillaMatch2.16.4
ORmozillabugzillaMatch2.16.5
ORmozillabugzillaMatch2.16.6
ORmozillabugzillaMatch2.16.7
ORmozillabugzillaMatch2.16.8
ORmozillabugzillaMatch2.16.9
ORmozillabugzillaMatch2.16.10
ORmozillabugzillaMatch2.16.11
ORmozillabugzillaMatch2.17
ORmozillabugzillaMatch2.17.1
ORmozillabugzillaMatch2.17.2
ORmozillabugzillaMatch2.17.3
ORmozillabugzillaMatch2.17.4
ORmozillabugzillaMatch2.17.5
ORmozillabugzillaMatch2.17.6
ORmozillabugzillaMatch2.17.7
ORmozillabugzillaMatch2.18
ORmozillabugzillaMatch2.18rc1
ORmozillabugzillaMatch2.18rc2
ORmozillabugzillaMatch2.18rc3
ORmozillabugzillaMatch2.18.1
ORmozillabugzillaMatch2.18.2
ORmozillabugzillaMatch2.18.3
ORmozillabugzillaMatch2.18.4
ORmozillabugzillaMatch2.18.5
ORmozillabugzillaMatch2.18.6
ORmozillabugzillaMatch2.18.6\+
ORmozillabugzillaMatch2.18.7
ORmozillabugzillaMatch2.18.8
ORmozillabugzillaMatch2.18.9
ORmozillabugzillaMatch2.19
ORmozillabugzillaMatch2.19.1
ORmozillabugzillaMatch2.19.2
ORmozillabugzillaMatch2.19.3
ORmozillabugzillaMatch2.20
ORmozillabugzillaMatch2.20rc1
ORmozillabugzillaMatch2.20rc2
ORmozillabugzillaMatch2.20.1
ORmozillabugzillaMatch2.20.2
ORmozillabugzillaMatch2.20.3
ORmozillabugzillaMatch2.20.4
ORmozillabugzillaMatch2.20.5
ORmozillabugzillaMatch2.20.6
ORmozillabugzillaMatch2.20.7
ORmozillabugzillaMatch2.21
ORmozillabugzillaMatch2.21.1
ORmozillabugzillaMatch2.21.2
ORmozillabugzillaMatch2.21.2rc1
ORmozillabugzillaMatch2.22
ORmozillabugzillaMatch2.22rc1
ORmozillabugzillaMatch2.22.1
ORmozillabugzillaMatch2.22.2
ORmozillabugzillaMatch2.22.3
ORmozillabugzillaMatch2.22.4
ORmozillabugzillaMatch2.22.5
ORmozillabugzillaMatch2.22.6
ORmozillabugzillaMatch2.22.7
ORmozillabugzillaMatch2.23
ORmozillabugzillaMatch2.23.1
ORmozillabugzillaMatch2.23.2
ORmozillabugzillaMatch2.23.3
ORmozillabugzillaMatch2.23.4
Node
mozillabugzillaMatch3.0
ORmozillabugzillaMatch3.0rc1
ORmozillabugzillaMatch3.0.0
ORmozillabugzillaMatch3.0.1
ORmozillabugzillaMatch3.0.2
ORmozillabugzillaMatch3.0.3
ORmozillabugzillaMatch3.0.4
ORmozillabugzillaMatch3.0.5
ORmozillabugzillaMatch3.0.6
ORmozillabugzillaMatch3.0.7
ORmozillabugzillaMatch3.0.8
ORmozillabugzillaMatch3.0.9
ORmozillabugzillaMatch3.0.10
ORmozillabugzillaMatch3.0.11
ORmozillabugzillaMatch3.1.0
ORmozillabugzillaMatch3.1.1
ORmozillabugzillaMatch3.1.2
ORmozillabugzillaMatch3.1.3
ORmozillabugzillaMatch3.1.4
ORmozillabugzillaMatch3.2
ORmozillabugzillaMatch3.2rc1
ORmozillabugzillaMatch3.2rc2
ORmozillabugzillaMatch3.2.1
ORmozillabugzillaMatch3.2.2
ORmozillabugzillaMatch3.2.3
ORmozillabugzillaMatch3.2.4
ORmozillabugzillaMatch3.2.5
ORmozillabugzillaMatch3.2.6
ORmozillabugzillaMatch3.2.7
ORmozillabugzillaMatch3.2.8
ORmozillabugzillaMatch3.2.9
ORmozillabugzillaMatch3.2.10
ORmozillabugzillaMatch3.3
ORmozillabugzillaMatch3.3.1
ORmozillabugzillaMatch3.3.2
ORmozillabugzillaMatch3.3.3
ORmozillabugzillaMatch3.3.4
ORmozillabugzillaMatch3.4
ORmozillabugzillaMatch3.4rc1
ORmozillabugzillaMatch3.4.1
ORmozillabugzillaMatch3.4.2
ORmozillabugzillaMatch3.4.3
ORmozillabugzillaMatch3.4.4
ORmozillabugzillaMatch3.4.5
ORmozillabugzillaMatch3.4.6
ORmozillabugzillaMatch3.4.7
ORmozillabugzillaMatch3.4.8
ORmozillabugzillaMatch3.4.9
ORmozillabugzillaMatch3.4.10
ORmozillabugzillaMatch3.4.11
ORmozillabugzillaMatch3.4.12
ORmozillabugzillaMatch3.4.13
ORmozillabugzillaMatch3.5
ORmozillabugzillaMatch3.5.1
ORmozillabugzillaMatch3.5.2
ORmozillabugzillaMatch3.5.3
ORmozillabugzillaMatch3.6
ORmozillabugzillaMatch3.6rc1
ORmozillabugzillaMatch3.6.0
ORmozillabugzillaMatch3.6.1
ORmozillabugzillaMatch3.6.2
ORmozillabugzillaMatch3.6.3
ORmozillabugzillaMatch3.6.4
ORmozillabugzillaMatch3.6.5
ORmozillabugzillaMatch3.6.6
ORmozillabugzillaMatch3.6.7
ORmozillabugzillaMatch3.6.8
ORmozillabugzillaMatch3.7
ORmozillabugzillaMatch3.7.1
ORmozillabugzillaMatch3.7.2
ORmozillabugzillaMatch3.7.3
Node
mozillabugzillaMatch4.0.1
ORmozillabugzillaMatch4.0.2
ORmozillabugzillaMatch4.0.3
ORmozillabugzillaMatch4.0.4
ORmozillabugzillaMatch4.0.5
ORmozillabugzillaMatch4.1.1
ORmozillabugzillaMatch4.1.2
ORmozillabugzillaMatch4.1.3
ORmozillabugzillaMatch4.2
ORmozillabugzillaMatch4.2rc1
ORmozillabugzillaMatch4.2rc2
References
archives.neohapsis.com/archives/bugtraq/2012-04/0135.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html
bugzilla.mozilla.org/show_bug.cgi?id=745397
Related
cvelist
cvelist
CVE-2012-0466
2012-04-27 20:00:00
cve
cve
CVE-2012-0466
2012-04-27 20:55:01
ubuntucve
ubuntucve
CVE-2012-0466
2012-04-27 00:00:00
prion
prion
Cross site scripting
2012-04-27 20:55:00
nessus
nessus
Fedora 16 : bugzilla-4.0.6-1.fc16 (2012-6368)
2012-05-01 00:00:00
Fedora 17 : bugzilla-4.0.6-1.fc17 (2012-6282)
2012-05-02 00:00:00
Fedora 15 : bugzilla-3.6.9-1.fc15 (2012-6396)
2012-05-01 00:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2012-6396
2012-05-04 00:00:00
FreeBSD Ports: bugzilla
2012-04-30 00:00:00
Fedora Update for bugzilla FEDORA-2012-6282
2012-08-30 00:00:00
securityvulns
securityvulns
Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9
2012-04-23 00:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2012-04-18 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: bugzilla-3.6.9-1.fc15
2012-05-01 00:56:53
[SECURITY] Fedora 17 Update: bugzilla-4.0.6-1.fc17
2012-05-02 04:54:29
[SECURITY] Fedora 16 Update: bugzilla-4.0.6-1.fc16
2012-05-01 00:48:20
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.0%
Related for NVD:CVE-2012-0466