Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote malicious users to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 3.7.1 |
||
mozilla bugzilla 3.7.2 |
||
mozilla bugzilla 3.7.3 |
||
mozilla bugzilla 4.0 |