CVE-2013-0785

Bugzilla < 3.6.13 - Cross-Site Scripting via show_bug.cgi id Parameter

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=842038
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.6.12/

Scores

EPSS 0.0143
EPSS Percentile 70.1%

Details

CWE
CWE-79
Status published
Products (42)
mozilla/bugzilla 3.6 (2 CPE variants)
mozilla/bugzilla 3.6.0
mozilla/bugzilla 3.6.1
mozilla/bugzilla 3.6.2
mozilla/bugzilla 3.6.3
mozilla/bugzilla 3.6.4
mozilla/bugzilla 3.6.5
mozilla/bugzilla 3.6.6
mozilla/bugzilla 3.6.7
mozilla/bugzilla 3.6.8
... and 32 more
Published Feb 24, 2013
Tracked Since Feb 18, 2026