Bugzilla@3.0.0 Security Vulnerabilities and Issues — Bugzilla@3.0.0 CVE List

Lucene search

MozillaBugzilla3.0.0

4 matches found

CVE•added 2007/08/27 9:17 p.m.•55 views

CVE-2007-4543

Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."

4.3CVSS5.5AI score0.00632EPSS

CVE•added 2007/09/24 12:17 a.m.•43 views

CVE-2007-5038

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

7.5CVSS6.5AI score0.00816EPSS

CVE•added 2007/08/27 9:17 p.m.•39 views

CVE-2007-4538

email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.

5CVSS7.4AI score0.00686EPSS

CVE•added 2007/08/27 9:17 p.m.•38 views

CVE-2007-4539

The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.

5CVSS6AI score0.00479EPSS