2 matches found
CVE-2015-8509
CVE-2015-8509 affects Bugzilla templates (Template.pm) across Bugzilla 2.x, 3.x, 4.x up to 4.2.16/4.3.x and 4.4.x up to 4.4.11, and 4.5.x–5.0.x up to 5.0.2. The issue stems from improper CSV construction that, when a CSV is interpreted as JavaScript by a browser, may leak sensitive information. T...
CVE-2015-8508
CVE-2015-8508 is a cross-site scripting (XSS) vulnerability in Bugzilla’s showdependencygraph.cgi. The attacker can inject arbitrary script/HTML via a crafted bug summary when a local dot configuration is used. Affected products/versions include Bugzilla 2.x, 3.x, and 4.x before 4.2.16; 4.3.x and...