Cross-site scripting (XSS) vulnerability in Bugzilla prior to 2.18, including 2.16.x prior to 2.16.11, allows remote malicious users to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.16.2 |
||
mozilla bugzilla 2.16.3 |
||
mozilla bugzilla 2.17 |
||
mozilla bugzilla 2.17.1 |
||
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.16.1 |
||
mozilla bugzilla 2.16.6 |
||
mozilla bugzilla 2.16.7 |
||
mozilla bugzilla 2.17.6 |
||
mozilla bugzilla 2.17.7 |
||
mozilla bugzilla 2.16.10 |
||
mozilla bugzilla 2.16.11 |
||
mozilla bugzilla 2.16.8 |
||
mozilla bugzilla 2.16.9 |
||
mozilla bugzilla 2.16.4 |
||
mozilla bugzilla 2.16.5 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.17.5 |