Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=924932 | Vendor Advisory |
http://www.bugzilla.org/security/4.0.10/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2013-10-24 03:53
Updated : 2013-10-24 16:28
NVD link : CVE-2013-1743
Mitre link : CVE-2013-1743
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
mozilla
- bugzilla