CVE-2010-4570
Bugzilla 3.7.1-4.0rc1 - Cross-Site Scripting via Duplicate Detection Summary Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45982
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70702
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.2.9/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65179
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0271
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=619648
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0207
Various Sources x_refsource_misc
http://yuilibrary.com/projects/yui2/ticket/2529228
Various Sources x_refsource_misc
http://yuilibrary.com/forum/viewtopic.php?p=12923
Scores
EPSS
0.0174
EPSS Percentile
75.2%
Details
CWE
CWE-79
Status
published
Products (4)
mozilla/bugzilla
3.7.1
mozilla/bugzilla
3.7.2
mozilla/bugzilla
3.7.3
mozilla/bugzilla
4.0 rc1
Published
Jan 28, 2011
Tracked Since
Feb 18, 2026