Описание
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 3.7.x and higher |
| devel | not-affected | 3.7.x and higher |
| hardy | not-affected | 3.7.x and higher |
| karmic | not-affected | 3.7.x and higher |
| lucid | not-affected | 3.7.x and higher |
| maverick | not-affected | 3.7.x and higher |
| upstream | released | 4.0rc2 |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7 ...
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
4.3 Medium
CVSS2