CVE-2015-8508

CWE-79 — Cross-site Scripting (XSS)5 documents4 sources

Severity

4.7MEDIUM

EPSS

0.4%

top 39.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJan 3

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7

Affected Packages1 packages

▶NVDmozilla/bugzilla147 versions+146

🔴Vulnerability Details

GHSA

GHSA-g3c3-92vq-wv28: Cross-site scripting (XSS) vulnerability in showdependencygraph↗2022-05-17

▶

CVEList

CVE-2015-8508: Cross-site scripting (XSS) vulnerability in showdependencygraph↗2016-01-03

▶

💬Community

Bugzilla

CVE-2015-8508 bugzilla: cross-site scripting when generating a dependency graph [fedora-all]↗2016-01-04

▶

Bugzilla

CVE-2015-8508 bugzilla: cross-site scripting when generating a dependency graph↗2016-01-04

▶