CVE-2011-3657Cross-site Scripting in Mozilla Bugzilla

CWE-79Cross-site Scripting6 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 41.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedJan 2
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla144 versions+143

🔴Vulnerability Details

2
GHSA
GHSA-qphq-g8gv-7vgc: Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 22022-05-17
CVEList
CVE-2011-3657: Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 22012-01-02

💬Community

3
Bugzilla
CVE-2011-3657 CVE-2011-3667 CVE-2011-3668 CVE-2011-3669 bugzilla: multiple security flaws fixed in 4.1.3, 4.0.2, 3.6.6, and 3.4.12 [fedora-all]2012-01-03
Bugzilla
CVE-2011-3657 CVE-2011-3667 CVE-2011-3668 CVE-2011-3669 bugzilla: multiple security flaws fixed in 4.1.3, 4.0.2, 3.6.6, and 3.4.12 [epel-all]2012-01-03
Bugzilla
CVE-2011-3657 CVE-2011-3667 CVE-2011-3668 CVE-2011-3669 bugzilla: multiple security flaws fixed in 4.1.3, 4.0.2, 3.6.6, and 3.4.122011-12-29
CVE-2011-3657 — Cross-site Scripting in Mozilla | cvebase