template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9,
3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not
properly handle multiple logins, which allows remote attackers to conduct
cross-site scripting (XSS) attacks and obtain sensitive bug information via
a crafted web page.