CVE-2012-4189
Bugzilla 4.1.x-4.2.x < 4.2.4 and 4.3.x-4.4.x < 4.4rc1 - Cross-Site Scripting via Tabular Report Field Value
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.
References (3)
Core 3
Core References
Exploit, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.6.11/
Scores
EPSS
0.0104
EPSS Percentile
60.1%
Details
CWE
CWE-79
Status
published
Products (12)
mozilla/bugzilla
4.1
mozilla/bugzilla
4.1.1
mozilla/bugzilla
4.1.2
mozilla/bugzilla
4.1.3
mozilla/bugzilla
4.2 (3 CPE variants)
mozilla/bugzilla
4.2.1
mozilla/bugzilla
4.2.2
mozilla/bugzilla
4.2.3
mozilla/bugzilla
4.3
mozilla/bugzilla
4.3.1
... and 2 more
Published
Nov 16, 2012
Tracked Since
Feb 18, 2026