PT-2002-1828 · Mozilla · Bugzilla
Published
2002-07-31
·
Updated
2008-09-10
·
CVE-2002-0807
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Bugzilla versions 2.14 through 2.14.1
Bugzilla versions 2.16 before 2.16rc2
Description:
The issue allows remote attackers to execute script as other Bugzilla users via the full name (real name) field. This occurs because the
full name field is not properly quoted by editusers.cgi, leading to potential cross-site scripting.Recommendations:
For Bugzilla versions 2.14 through 2.14.1, update to version 2.14.2 or later.
For Bugzilla versions 2.16 before 2.16rc2, update to version 2.16rc2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Bugzilla