Bugzilla Security Vulnerabilities and Issues — Bugzilla CVE List

Lucene search

MozillaBugzilla

4 matches found

CVE•added 2008/10/03 10:22 p.m.•50 views

CVE-2008-4437

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

7.1CVSS6.3AI score0.10547EPSS

CVE•added 2008/05/07 8:20 p.m.•41 views

CVE-2008-2103

Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.

4.3CVSS5.5AI score0.00619EPSS

CVE•added 2008/05/07 8:20 p.m.•36 views

CVE-2008-2105

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE:...

3.5CVSS6AI score0.00497EPSS

CVE•added 2008/05/07 8:20 p.m.•33 views

CVE-2008-2104

The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

4CVSS6.3AI score0.00286EPSS