5 matches found
SUSE CVE-2010-4567
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field...
Gentoo Security Advisory GLSA 201110-03 (bugzilla)
The remote host is missing updates announced in advisory GLSA 201110-03. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
DSA-2322-1 bugzilla - several
Bulletin has no description...
Fedora 13 : bugzilla-3.4.10-1.fc13 (2011-0755)
Some serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
CVE-2010-4567
CVE-2010-4567 affects Bugzilla: whitespace before javascript: or data: in the URL field allows XSS. Affected versions per description: Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2. Public notices across multiple advisories confirm the issue and provide ...