CVE-2011-3657

Bugzilla 2.x-3.x < 3.4.13, 3.5.x-3.6.x < 3.6.7, 3.7.x-4.0.x < 4.0.3, 4.1.x <= 4.1.3 - Cross-Site Scripting in Debug Mode

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart.

References (3)

Core 3
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.4.12/

Scores

EPSS 0.0157
EPSS Percentile 72.6%

Details

CWE
CWE-79
Status published
Products (45)
mozilla/bugzilla 2.0
mozilla/bugzilla 2.2
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.9
mozilla/bugzilla 2.10
mozilla/bugzilla 2.12
mozilla/bugzilla 2.14
mozilla/bugzilla 2.14.1
... and 35 more
Published Jan 02, 2012
Tracked Since Feb 18, 2026