Bugzilla@3.0.0 Security Vulnerabilities and Issues — Bugzilla@3.0.0 CVE List

Lucene search

MozillaBugzilla3.0.0

5 matches found

CVE•added 2009/02/09 5:30 p.m.•48 views

CVE-2009-0481

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.

3.5CVSS5.1AI score0.00232EPSS

CVE•added 2009/02/09 5:30 p.m.•42 views

CVE-2009-0483

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.

5.8CVSS6.6AI score0.00413EPSS

CVE•added 2009/02/09 6:30 p.m.•41 views

CVE-2008-6098

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

4CVSS6.1AI score0.00382EPSS

CVE•added 2009/02/09 5:30 p.m.•41 views

CVE-2009-0482

Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.

5.8CVSS6.6AI score0.00267EPSS

CVE•added 2009/02/09 5:30 p.m.•40 views

CVE-2009-0484

Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.

5.8CVSS6.6AI score0.00413EPSS