Bugzilla@2.16 rc2 Security Vulnerabilities and Issues — Bugzilla@2.16 rc2 CVE List

Lucene search

MozillaBugzilla2.16 rc2

16 matches found

CVE•added 2011/01/28 4:0 p.m.•65 views

CVE-2010-4567

Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field.

4.3CVSS5.6AI score0.0083EPSS

CVE•added 2014/10/13 1:55 a.m.•63 views

CVE-2014-1572

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attacke...

5CVSS5.8AI score0.01104EPSS

CVE•added 2010/11/05 5:0 p.m.•61 views

CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.

2.6CVSS6.5AI score0.00733EPSS

CVE•added 2011/01/28 4:0 p.m.•58 views

CVE-2010-4572

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-27...

4.3CVSS8.9AI score0.02718EPSS

CVE•added 2017/04/12 10:59 p.m.•55 views

CVE-2016-2803

Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS5.9AI score0.0039EPSS

CVE•added 2011/01/28 4:0 p.m.•54 views

CVE-2011-0046

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting ...

6.8CVSS7.2AI score0.00434EPSS

CVE•added 2011/01/28 4:0 p.m.•51 views

CVE-2011-0048

Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a cr...

4.3CVSS5.5AI score0.0083EPSS

CVE•added 2014/10/13 1:55 a.m.•49 views

CVE-2014-1571

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

4CVSS5.6AI score0.00503EPSS

CVE•added 2009/02/09 5:30 p.m.•48 views

CVE-2009-0481

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.

3.5CVSS5.1AI score0.00232EPSS

CVE•added 2010/11/05 5:0 p.m.•46 views

CVE-2010-3764

The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.

5CVSS5.8AI score0.00846EPSS

CVE•added 2014/10/13 1:55 a.m.•45 views

CVE-2014-1573

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values...

4.3CVSS5.6AI score0.00869EPSS

CVE•added 2009/02/09 5:30 p.m.•42 views

CVE-2009-0483

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.

5.8CVSS6.6AI score0.00413EPSS

CVE•added 2012/01/02 7:55 p.m.•42 views

CVE-2011-3669

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.

6.8CVSS7.1AI score0.00128EPSS

CVE•added 2009/02/09 5:30 p.m.•41 views

CVE-2009-0482

Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.

5.8CVSS6.6AI score0.00267EPSS

CVE•added 2008/05/07 8:20 p.m.•36 views

CVE-2008-2105

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE:...

3.5CVSS6AI score0.00497EPSS

CVE•added 2012/01/02 7:55 p.m.•30 views

CVE-2011-3668

Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.

6.8CVSS7.1AI score0.00128EPSS