CVE-2009-0481

Bugzilla <3.22.7-3.3.2 - XSS

Title source: llm

Description

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.

References (5)

[Third Party Advisory] http://secunia.com/advisories/34361

[Issue Tracking] http://www.bugzilla.org/security/2.22.6/

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33580

Scores

EPSS 0.0023

EPSS Percentile 45.7%

Classification

CWE

CWE-79

Status published

Affected Products (50)

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

mozilla/bugzilla

... and 35 more

Timeline

Published Feb 09, 2009

Tracked Since Feb 18, 2026