CVE-2010-4570

Bugzilla 3.7.1-4.0rc1 - Cross-Site Scripting via Duplicate Detection Summary Field

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45982
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70702
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.2.9/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65179
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0271
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0207
Various Sources x_refsource_misc
http://yuilibrary.com/projects/yui2/ticket/2529228
Various Sources x_refsource_misc
http://yuilibrary.com/forum/viewtopic.php?p=12923

Scores

EPSS 0.0174
EPSS Percentile 75.2%

Details

CWE
CWE-79
Status published
Products (4)
mozilla/bugzilla 3.7.1
mozilla/bugzilla 3.7.2
mozilla/bugzilla 3.7.3
mozilla/bugzilla 4.0 rc1
Published Jan 28, 2011
Tracked Since Feb 18, 2026