3 matches found
CVE-2006-2420
Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting XSS attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...
CVE-2006-2420
Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting XSS attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...
CVE-2006-2420
CVE-2006-2420 affects Bugzilla 2.20rc1 through 2.20 and 2.21.1 when using RSS 1.0, enabling remote XSS via a title element containing HTML-encoded sequences (e.g., ">") that are decoded by some RSS readers. The issue is described as stemming from RSS design/documentation inconsistencies or RSS...