CVE-2007-4543

Bugzilla <3.0.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."

References (11)

[Third Party Advisory, VDB Entry] http://osvdb.org/37201

[Patch, Vendor Advisory] http://secunia.com/advisories/26584

[Issue Tracking] http://www.bugzilla.org/security/2.20.4/

[Exploit, Patch] http://www.securityfocus.com/bid/25425

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=386942

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36241

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/477630/100/0/threaded

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200709-18.xml

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018604

[Third Party Advisory] http://secunia.com/advisories/26971

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2977

Scores

EPSS 0.0077

EPSS Percentile 73.3%

Classification

CWE

CWE-79

Status draft

Affected Products (30)

mozilla/bugzilla

... and 15 more

Timeline

Published Aug 27, 2007

Tracked Since Feb 18, 2026