CVE-2012-0466: Cross-site Scripting in Mozilla Bugzilla

CWE-264 | 3 documents | 3 sources
Severity: 4.0 MEDIUM (NVD)
EPSS: 0.3% (top 44.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 27
Latest update: May 4

Description

template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.

CVSS vector

AV:N/AC:H/C:P/I:P/A:N
Exploitability: 4.9 | Impact: 4.9

Affected Packages (1 package)

NVD: mozilla/bugzilla (148 versions)

Vulnerability Details (2)

GHSA: GHSA-cq7j-j393-9f9w: template/en/default/list/list (2022-05-04)
CVEList: CVE-2012-0466: template/en/default/list/list (2012-04-27)