CVE-2003-0602 — Cross-site Scripting in Mozilla Bugzilla

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 22.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 27

Latest updateApr 29

Description

Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla6 versions+5

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-353j-5q9x-xhrh: Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2↗2022-04-29

▶

CVEList

CVE-2003-0602: Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2↗2003-07-29

▶