Описание
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | |
| edgy | not-affected | |
| feisty | not-affected | |
| gutsy | not-affected | |
| hardy | not-affected | |
| intrepid | not-affected | |
| jaunty | not-affected | |
| karmic | not-affected | |
| upstream | released | 2.20.1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences i ...
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.
EPSS
7.5 High
CVSS2