CVE-2012-0466
Bugzilla 2.x-3.x < 3.6.9, 3.7.x-4.0.x < 4.0.6, 4.1.x-4.2.x < 4.2.1 - Cross-Site Scripting via Multiple Login Handling
Title source: llmDescription
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html
Scores
EPSS
0.0085
EPSS Percentile
54.1%
Details
CWE
CWE-264
Status
published
Products (45)
mozilla/bugzilla
2.0
mozilla/bugzilla
2.2
mozilla/bugzilla
2.4
mozilla/bugzilla
2.6
mozilla/bugzilla
2.8
mozilla/bugzilla
2.9
mozilla/bugzilla
2.10
mozilla/bugzilla
2.12
mozilla/bugzilla
2.14
mozilla/bugzilla
2.14.1
... and 35 more
Published
Apr 27, 2012
Tracked Since
Feb 18, 2026