Bugzilla < 4.0.14 / 4.2.10 / 4.4.5 / 4.5.5 CSRF Vulnerability

According to its banner, the version of Bugzilla installed on the remote host contains a flaw in its callback APIs in which data is not properly sanitized before being submitted to the 'jsonrpc.cgi' script. Using a specially crafted OBJECT element with SWF content, a remote attacker could perform...