CVE-2012-4189

CWE-79 — Cross-site Scripting (XSS)5 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 46.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedNov 16

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla12 versions+11

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-9cgp-gh54-rmwq: Cross-site scripting (XSS) vulnerability in Bugzilla 4↗2022-05-17

▶

CVEList

CVE-2012-4189: Cross-site scripting (XSS) vulnerability in Bugzilla 4↗2012-11-16

▶

💥Exploits & PoCs

Exploit-DB

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting↗2013-10-09

▶

Exploit-DB

Novell Groupwise - Address Book Remote Code Execution↗2012-03-01

▶