Bugzilla@2.23.3 Security Vulnerabilities and Issues — Bugzilla@2.23.3 CVE List

Lucene search

MozillaBugzilla2.23.3

3 matches found

CVE•added 2007/02/06 7:28 p.m.•43 views

CVE-2007-0792

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

7.5CVSS6.6AI score0.0089EPSS

CVE•added 2007/02/06 7:28 p.m.•41 views

CVE-2007-0791

Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00792EPSS

CVE•added 2007/08/27 9:17 p.m.•38 views

CVE-2007-4539

The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.

5CVSS6AI score0.00479EPSS