CVE-2014-1573 — Cross-site Scripting in Mozilla Bugzilla

CWE-79 — Cross-site Scripting6 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.9%

top 24.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora Mozilla Bugzilla

Timeline

PublishedOct 13

Latest updateMay 17

Description

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla184 versions+183

Also affects: Fedora 19, 20, 21

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-gw6m-j3wf-x49f: Bugzilla 2↗2022-05-17

▶

CVEList

CVE-2014-1573: Bugzilla 2↗2014-10-13

▶

💬Community

Bugzilla

CVE-2014-1573 CVE-2014-1572 CVE-2014-1571 bugzilla: security fixes release [fedora-all]↗2014-10-07

▶

Bugzilla

CVE-2014-1573 CVE-2014-1572 CVE-2014-1571 bugzilla: security fixes release [epel-all]↗2014-10-07

▶

Bugzilla

CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release↗2014-10-07

▶