CVE-2006-5453Cross-site Scripting in Mozilla Bugzilla

4 documents4 sources
Severity
3.5LOWNVD
EPSS
1.1%
top 22.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedOct 23
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla13 versions+12

Patches

Patch: securitytracker.comPatch: www.osvdb.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-v738-m6pc-6pgr: Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 22022-05-01
CVEList
CVE-2006-5453: Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 22006-10-23

💬Community

1
Bugzilla
CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities2006-10-26
CVE-2006-5453 — Cross-site Scripting in Mozilla | cvebase