Описание
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 2.20-1 |
| devel | released | 2.20-1 |
| edgy | released | 2.20-1 |
| feisty | released | 2.20-1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, incl ...
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
EPSS
4.3 Medium
CVSS2