4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.6%
template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12,
3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and
4.4.x before 4.4rc1 generates JavaScript function calls containing private
product names or private component names in certain circumstances involving
custom-field visibility control, which allows remote attackers to obtain
sensitive information by reading HTML source code.