CVE-2006-5453

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.18.x through 2.18.5 Bugzilla versions 2.20.x through 2.20.2 Bugzilla versions 2.22.x through 2.22.0 Bugzilla versions 2.23.x through 2.23.2

Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, description fields of certain items in various edit cgi scripts, and the id parameter in "showdependencygraph.cgi".

Recommendations For Bugzilla versions 2.18.x through 2.18.5, update to version 2.18.6 or later. For Bugzilla versions 2.20.x through 2.20.2, update to version 2.20.3 or later. For Bugzilla versions 2.22.x through 2.22.0, update to version 2.22.1 or later. For Bugzilla versions 2.23.x through 2.23.2, update to version 2.23.3 or later.