PT-2006-6171 · Mozilla · Bugzilla

Frédéric Buclin

Published

2006-10-23

Updated

2018-10-17

CVE-2006-5453

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.18.x through 2.18.5 Bugzilla versions 2.20.x through 2.20.2 Bugzilla versions 2.22.x through 2.22.0 Bugzilla versions 2.23.x through 2.23.2

Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, description fields of certain items in various edit cgi scripts, and the id parameter in "showdependencygraph.cgi".

Recommendations For Bugzilla versions 2.18.x through 2.18.5, update to version 2.18.6 or later. For Bugzilla versions 2.20.x through 2.20.2, update to version 2.20.3 or later. For Bugzilla versions 2.22.x through 2.22.0, update to version 2.22.1 or later. For Bugzilla versions 2.23.x through 2.23.2, update to version 2.23.3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5453

DSA-1208-1

Affected Products

Bugzilla

PT-2006-6171 · Mozilla · Bugzilla

CVE-2006-5453

Related Identifiers

Affected Products

References · 21