CVE-2015-8509

Severity: 3.5 LOW
EPSS: 0.3% (top 50.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 3
Latest update: May 17

Description

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.1 | Impact: 1.4

Affected Packages (1 package)

NVD: mozilla/bugzilla (147 versions)

🔴 Vulnerability Details (2)

GHSA: GHSA-mw47-prgf-pqq4: Template (2022-05-17)
CVEList: CVE-2015-8509: Template (2016-01-03)

💬 Community (2)

Bugzilla: CVE-2015-8509 bugzilla: information leak when parsing the CSV file [fedora-all] (2016-01-04)
Bugzilla: CVE-2015-8509 bugzilla: information leak when parsing the CSV file (2016-01-04)