CVE-2011-2976

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.16rc1 through 2.22.7 Bugzilla versions 3.0.x through 3.3.x Bugzilla versions 3.4.x before 3.4.12

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie. This can lead to the execution of malicious scripts on the victim's browser.

Recommendations For versions 2.16rc1 through 2.22.7, update to a version outside of this range to resolve the issue. For versions 3.0.x through 3.3.x, update to version 3.4.12 or later to resolve the issue. For versions 3.4.x before 3.4.12, update to version 3.4.12 or later to resolve the issue.