Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x prior to 4.2.7, and 4.3.x and 4.4.x prior to 4.4.1, allow remote malicious users to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.

Vulnerable Product |
---|
mozilla bugzilla 4.1.2 |
mozilla bugzilla 4.1 |
mozilla bugzilla 4.1.1 |
mozilla bugzilla 4.1.3 |
mozilla bugzilla 4.3.1 |
mozilla bugzilla 4.3.2 |
mozilla bugzilla 4.3.3 |
mozilla bugzilla 4.3 |
mozilla bugzilla 4.2.4 |
mozilla bugzilla 4.2.2 |
mozilla bugzilla 4.2 |
mozilla bugzilla 4.2.5 |
mozilla bugzilla 4.2.3 |
mozilla bugzilla 4.2.1 |
mozilla bugzilla 4.4 |