CVE-2011-3657
Bugzilla 2.x-3.x < 3.4.13, 3.5.x-3.6.x < 3.6.7, 3.7.x-4.0.x < 4.0.3, 4.1.x <= 4.1.3 - Cross-Site Scripting in Debug Mode
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart.
References (3)
Core 3
Core References
Exploit x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=697699
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.4.12/
Scores
EPSS
0.0157
EPSS Percentile
72.6%
Details
CWE
CWE-79
Status
published
Products (45)
mozilla/bugzilla
2.0
mozilla/bugzilla
2.2
mozilla/bugzilla
2.4
mozilla/bugzilla
2.6
mozilla/bugzilla
2.8
mozilla/bugzilla
2.9
mozilla/bugzilla
2.10
mozilla/bugzilla
2.12
mozilla/bugzilla
2.14
mozilla/bugzilla
2.14.1
... and 35 more
Published
Jan 02, 2012
Tracked Since
Feb 18, 2026