[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-0048Date: (C)2011-01-28   (M)2023-12-22


Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-43033
SECUNIA-43165
BID-45982
OSVDB-70704
ADV-2011-0207
ADV-2011-0271
DSA-2322
FEDORA-2011-0741
FEDORA-2011-0755
bugzilla-url-xss(65005)
http://www.bugzilla.org/security/3.2.9/
https://bugzilla.mozilla.org/show_bug.cgi?id=628034

CPE    107
cpe:/a:mozilla:bugzilla:2.22:rc1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.18.4
...
CWE    1
CWE-79
OVAL    1
oval:org.secpod.oval:def:600628

© SecPod Technologies