Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x prior to 2.16.3 and 2.17.x prior to 2.17.4 allow remote malicious users to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.16 |
||
mozilla bugzilla 2.16.1 |
||
mozilla bugzilla 2.16.2 |
||
mozilla bugzilla 2.17 |
||
mozilla bugzilla 2.17.1 |