Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1743

CWE-79 — Cross-site Scripting (XSS)7 documents5 sources

Severity

4.3MEDIUM

EPSS

0.9%

top 24.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Bugzilla

Timeline

PublishedOct 24

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla15 versions+14

🔴Vulnerability Details

GHSA

GHSA-qh88-rwg9-3pjq: Multiple cross-site scripting (XSS) vulnerabilities in report↗2022-05-17

▶

CVEList

CVE-2013-1743: Multiple cross-site scripting (XSS) vulnerabilities in report↗2013-10-24

▶

💥Exploits & PoCs

Exploit-DB

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting↗2013-10-09

▶

💬Community

Bugzilla

CVE-2013-1734 CVE-2013-1743 CVE-2013-1742 bugzilla: multiple flaws corrected in upstream 4.0.11, 4.2.7, 4.4.1 [fedora-all]↗2013-10-17

▶

Bugzilla

CVE-2013-1734 CVE-2013-1742 CVE-2013-1743 bugzilla: multiple flaws corrected in upstream 4.0.11, 4.2.7, 4.4.1↗2013-10-17

▶

Bugzilla

CVE-2013-1734 CVE-2013-1743 CVE-2013-1742 bugzilla: multiple flaws corrected in upstream 4.0.11, 4.2.7, 4.4.1 [epel-all]↗2013-10-17

▶