Bugzilla@4.5.1 Security Vulnerabilities and Issues — Bugzilla@4.5.1 CVE List

Lucene search

MozillaBugzilla4.5.1

7 matches found

CVE•added 2014/10/13 1:55 a.m.•63 views

CVE-2014-1572

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attacke...

5CVSS5.8AI score0.01104EPSS

CVE•added 2017/04/12 10:59 p.m.•55 views

CVE-2016-2803

Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS5.9AI score0.0039EPSS

CVE•added 2015/02/01 3:59 p.m.•54 views

CVE-2014-8630

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by she...

6.5CVSS7.1AI score0.00633EPSS

CVE•added 2014/10/13 1:55 a.m.•49 views

CVE-2014-1571

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

4CVSS5.6AI score0.00503EPSS

CVE•added 2014/04/20 1:55 a.m.•47 views

CVE-2014-1517

The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's ac...

4CVSS5.6AI score0.00394EPSS

CVE•added 2014/10/13 1:55 a.m.•45 views

CVE-2014-1573

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values...

4.3CVSS5.6AI score0.00869EPSS

CVE•added 2014/08/14 11:15 a.m.•44 views

CVE-2014-1546

The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSO...

4.3CVSS6.4AI score0.00223EPSS