3 matches found
CVE-2006-5453
CVE-2006-5453 affects Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3. The description cites multiple cross-site scripting (XSS) vulnerabilities allowing remote authenticated users to inject arbitrary web script or HTML via: (1) page headers in ...
CVE-2009-0481
The CVE-2009-0481 issue affects Bugzilla 2.x (before 2.22.7), 3.0 (before 3.0.7), 3.2 (before 3.2.1), and 3.3 (before 3.3.2). It allows remote authenticated users to perform cross-site scripting by uploading HTML/JavaScript attachments that are rendered by browsers. The NVD CVSSv2 score is 3.5 (L...
CVE-2008-2105
CVE-2008-2105 affects Bugzilla: vulnerable in Bugzilla 2.23.4 and 3.0.x before 3.0.4, and 3.1.x before 3.1.4. A remote authenticated user can abuse the @reporter command in the body of an email to spoof the bug changer, overriding the address from the From header. This bypasses normal From-header...