Published: 09/02/2009 Updated: 25/03/2009

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Bugzilla 2.x prior to 2.22.7, 3.0 prior to 3.0.7, 3.2 prior to 3.2.1, and 3.3 prior to 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla bugzilla 2.14.1
mozilla bugzilla 2.14.4
mozilla bugzilla 2.16.10
mozilla bugzilla 2.16.3
mozilla bugzilla 2.17.5
mozilla bugzilla 2.16
mozilla bugzilla 2.18.2
mozilla bugzilla 2.18.4
mozilla bugzilla 2.18
mozilla bugzilla 2.19
mozilla bugzilla 2.18.9
mozilla bugzilla 2.20
mozilla bugzilla 2.21
mozilla bugzilla 2.20.4
mozilla bugzilla 2.22
mozilla bugzilla 2.22.5
mozilla bugzilla 2.22.6
mozilla bugzilla 3.2
mozilla bugzilla 2.14.5
mozilla bugzilla 2.14.2
mozilla bugzilla 2.16.6
mozilla bugzilla 2.16.11
mozilla bugzilla 2.16_rc2
mozilla bugzilla 2.17.3
mozilla bugzilla 2.17.4
mozilla bugzilla 2.18.1
mozilla bugzilla 2.18.6
mozilla bugzilla 2.18.8
mozilla bugzilla 2.18.7
mozilla bugzilla 2.19.3
mozilla bugzilla 2.20.1
mozilla bugzilla 2.20.5
mozilla bugzilla 2.21.2
mozilla bugzilla 2.22.3
mozilla bugzilla 2.22.4
mozilla bugzilla 3.0.5
mozilla bugzilla 3.0.6
mozilla bugzilla 2.12
mozilla bugzilla 2.14
mozilla bugzilla 2.14.3
mozilla bugzilla 2.16.5
mozilla bugzilla 2.16.2
mozilla bugzilla 2.16.1
mozilla bugzilla 2.17.6
mozilla bugzilla 2.16.9
mozilla bugzilla 2.18.3
mozilla bugzilla 2.18.5
mozilla bugzilla 2.19.1
mozilla bugzilla 2.20.2
mozilla bugzilla 2.20.3
mozilla bugzilla 2.21.1
mozilla bugzilla 3.0.0
mozilla bugzilla 3.0.1
mozilla bugzilla 3.3.1
mozilla bugzilla 2.10
mozilla bugzilla 2.16.4
mozilla bugzilla 2.16.7
mozilla bugzilla 2.16.8
mozilla bugzilla 2.17.2
mozilla bugzilla 2.17
mozilla bugzilla 2.17.1
mozilla bugzilla 2.17.7
mozilla bugzilla 2.19.2
mozilla bugzilla 2.20.6
mozilla bugzilla 2.22.1
mozilla bugzilla 2.22.2
mozilla bugzilla 3.0.2
mozilla bugzilla 3.0.3
mozilla bugzilla 3.0.4

CWE-79 http://www.bugzilla.org/security/2.22.6/http://www.securityfocus.com/bid/33580 http://secunia.com/advisories/34361 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://nvd.nist.gov

Get Started

CVE-2009-0481

Vulnerability Summary

References

Vulmon Search

About

Products

Connect