Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
References
Link | Resource |
---|---|
https://www.bugzilla.org/security/4.4.11/ | Issue Tracking Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1035891 | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/137079/Bugzilla-4.4.11-5.0.2-Summary-Cross-Site-Scripting.html | Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/538401/100/0/threaded |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-04-12 15:59
Updated : 2018-10-09 12:59
NVD link : CVE-2016-2803
Mitre link : CVE-2016-2803
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
mozilla
- bugzilla