CVE-2006-0916

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.19.3 through 2.20

Description The issue arises from improper handling of "//" sequences in URLs when redirecting a user from the login form. This could lead to the generation of a partial URL in a form action, causing the user's browser to send form data to another domain.

Recommendations For versions 2.19.3 through 2.20, consider modifying the URL handling mechanism to properly process "//" sequences and prevent the generation of partial URLs that could redirect form data to unintended domains. As a temporary workaround, restrict the use of the login form until a proper fix is implemented.