[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-5453Date: (C)2006-10-23   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication:
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1017063
SREASON-1760
http://www.securityfocus.com/archive/1/archive/1/448777/100/100/threaded
BID-20538
SECUNIA-22409
SECUNIA-22790
SECUNIA-22826
OSVDB-29544
OSVDB-29545
OSVDB-29549
ADV-2006-4035
DSA-1208
GLSA-200611-04
bugzilla-h1h2-tags-xss(29610)
bugzilla-showdependencygraph(29619)
http://www.bugzilla.org/security/2.18.5/
https://bugzilla.mozilla.org/show_bug.cgi?id=206037
https://bugzilla.mozilla.org/show_bug.cgi?id=330555
https://bugzilla.mozilla.org/show_bug.cgi?id=355728

CPE    18
cpe:/a:mozilla:bugzilla:2.20
cpe:/a:mozilla:bugzilla:2.20:rc1
cpe:/a:mozilla:bugzilla:2.20:rc2
cpe:/a:mozilla:bugzilla:2.23.2
...

© SecPod Technologies