CVE-2012-0466

Bugzilla 2.x-3.x < 3.6.9, 3.7.x-4.0.x < 4.0.6, 4.1.x-4.2.x < 4.2.1 - Cross-Site Scripting via Multiple Login Handling

Title source: llm
STIX 2.1

Description

template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.

References (5)

Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html

Scores

EPSS 0.0085
EPSS Percentile 54.1%

Details

CWE
CWE-264
Status published
Products (45)
mozilla/bugzilla 2.0
mozilla/bugzilla 2.2
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.9
mozilla/bugzilla 2.10
mozilla/bugzilla 2.12
mozilla/bugzilla 2.14
mozilla/bugzilla 2.14.1
... and 35 more
Published Apr 27, 2012
Tracked Since Feb 18, 2026