Vulners
Lucene search
2 matches found
Bugzilla < 4.0.14 / 4.2.10 / 4.4.5 / 4.5.5 CSRF Vulnerability
According to its banner, the version of Bugzilla installed on the remote host contains a flaw in its callback APIs in which data is not properly sanitized before being submitted to the 'jsonrpc.cgi' script. Using a specially crafted OBJECT element with SWF content, a remote attacker could perform...
4.3CVSS5.2AI score0.00223EPSS
Exploits0References2
Bugzilla jsonrpc.cgi 跨站请求伪造漏洞
BUGTRAQ ID: 51783 CVE ID: CVE-2012-0440 Bugzilla是一个开源的缺陷跟踪系统,它可以管理软件开发中缺陷的提交,修复,关闭等整个生命周期。 Bugzilla在jsonrpc.cgi的实现上存在CSRF安全漏洞,成功利用这些漏洞可允许攻击者劫持任意用户使用JSON-RPC API的身份验证请求。 0 Mozilla Bugzilla 4.x 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/security/...
5.1CVSS6.4AI score0.00182EPSS
Exploits2
20