PT-2011-2044 · Mozilla · Bugzilla
Michael Brooks +1 · Published 2011-01-28 · Updated 2017-08-17 · CVE-2011-0048
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Bugzilla versions 3.2.x through 3.2.9
Bugzilla versions 3.4.x through 3.4.9
Bugzilla versions 3.6.x through 3.6.3
Bugzilla versions 4.0.x through 4.0rc1
Description
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI, specifically by creating a clickable link for a javascript: or data: URI in the URL field.
Recommendations
For Bugzilla versions 3.2.x through 3.2.9, update to version 3.2.10 or later.
For Bugzilla versions 3.4.x through 3.4.9, update to version 3.4.10 or later.
For Bugzilla versions 3.6.x through 3.6.3, update to version 3.6.4 or later.
For Bugzilla versions 4.0.x through 4.0rc1, update to version 4.0rc2 or later.
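The description above concerns a user-supplied URL field value being rendered as a clickable link regardless of its scheme. The following is an added example, not Bugzilla's code or its patch; the function names, the markup and the scheme allowlist are assumptions. It parses the value with the WHATWG URL parser, the algorithm browsers use, and links it only when the scheme is on the allowlist:

```javascript
// Schemes that may become clickable links (assumed allowlist for this example).
const ALLOWED_SCHEMES = new Set(["http:", "https:", "ftp:"]);

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns a normalised absolute URL if the value may be linked, otherwise null.
function linkableUrl(value) {
  let parsed;
  try {
    // WHATWG parsing lowercases the scheme and drops leading whitespace and
    // embedded tabs/newlines, so the check sees the scheme the browser would see.
    parsed = new URL(String(value));
  } catch {
    return null; // relative or unparseable: no scheme to vouch for
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Renders the URL field: a link for allowed schemes, escaped plain text otherwise.
function renderUrlField(value) {
  const href = linkableUrl(value);
  const text = escapeHtml(value);
  return href === null
    ? `<span class="url">${text}</span>`
    : `<a href="${escapeHtml(href)}" rel="noreferrer">${text}</a>`;
}

// Constructed sample values for the URL field (not taken from the advisory).
const SAMPLES = [
  "https://example.com/a",
  "javascript:alert(1)",
  "JaVaScRiPt:alert(1)",
  " data:text/html,x",
  "example.com/page",
];
for (const v of SAMPLES) {
  console.log(JSON.stringify(v), "->", renderUrlField(v));
}
```

Values that fail the check are still displayed, HTML-escaped, so the field's content stays visible without becoming an active link.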
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Bugzilla