CVE-2013-0785

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 46.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedFeb 24
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla3.6.12+41

🔴Vulnerability Details

2
GHSA
GHSA-mhvc-xf9p-r5hx: Cross-site scripting (XSS) vulnerability in show_bug2022-05-17
CVEList
CVE-2013-0785: Cross-site scripting (XSS) vulnerability in show_bug2013-02-24

💬Community

2
Bugzilla
CVE-2013-0785 CVE-2013-0786 bugzilla: XSS and information leak flaws fixed in 3.6.13/4.0.10/4.2.5/4.4rc22013-02-21
Bugzilla
CVE-2013-0785 CVE-2013-0786 bugzilla: CSS and information leak flaws fixed in upstream 3.6.13/4.0.10/4.2.5/4.4rc2 [epel-all]2013-02-21
CVE-2013-0785 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io