CVE-2004-0705

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.16.x through 2.16.5 Bugzilla versions 2.18 before 2.18rc1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in various CGI scripts, including editcomponents.cgi, editgroups.cgi, editmilestones.cgi, editproducts.cgi, editusers.cgi, and editversions.cgi. These vulnerabilities allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.

Recommendations For Bugzilla versions 2.16.x through 2.16.5, update to version 2.16.6 or later. For Bugzilla versions 2.18 before 2.18rc1, update to version 2.18rc1 or later. As a temporary workaround, consider restricting access to the vulnerable CGI scripts until a patch is available.