Bugzilla Security Vulnerabilities and Issues — Bugzilla CVE List

Lucene search

MozillaBugzilla

11 matches found

CVE•added 2017/04/12 10:59 p.m.•55 views

CVE-2016-2803

Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS5.9AI score0.0039EPSS

CVE•added 2011/01/28 4:0 p.m.•54 views

CVE-2011-0046

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting ...

6.8CVSS7.2AI score0.00434EPSS

CVE•added 2015/02/01 3:59 p.m.•54 views

CVE-2014-8630

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by she...

6.5CVSS7.1AI score0.00633EPSS

CVE•added 2013/10/24 10:53 a.m.•51 views

CVE-2013-1734

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via a...

6.8CVSS7.1AI score0.00117EPSS

CVE•added 2013/10/24 10:53 a.m.•49 views

CVE-2013-1733

Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token.

6.8CVSS7.1AI score0.00117EPSS

CVE•added 2003/08/27 4:0 a.m.•48 views

CVE-2003-0602

Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz ...

6.8CVSS6AI score0.01009EPSS

CVE•added 2012/01/02 7:55 p.m.•42 views

CVE-2011-3669

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.

6.8CVSS7.1AI score0.00128EPSS

CVE•added 2012/01/02 7:55 p.m.•40 views

CVE-2011-3667

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers...

6.8CVSS6.4AI score0.00465EPSS

CVE•added 2010/08/16 3:14 p.m.•39 views

CVE-2010-2757

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

6.5CVSS6AI score0.01236EPSS

CVE•added 2009/04/01 10:30 a.m.•38 views

CVE-2009-1213

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

6.8CVSS7AI score0.00347EPSS

CVE•added 2012/01/02 7:55 p.m.•30 views

CVE-2011-3668

Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.

6.8CVSS7.1AI score0.00128EPSS