Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 up to and including 4.0.4 and 4.1.1 up to and including 4.2rc2, when mod_perl is used, allows remote malicious users to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 4.0.2 |
||
mozilla bugzilla 4.0.3 |
||
mozilla bugzilla 4.0.4 |
||
mozilla bugzilla 4.1.1 |
||
mozilla bugzilla 4.1.2 |
||
mozilla bugzilla 4.2 |
||
mozilla bugzilla 4.1.3 |