CVE-2013-0785
Bugzilla < 3.6.13 - Cross-Site Scripting via show_bug.cgi id Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=842038
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.6.12/
Scores
EPSS
0.0143
EPSS Percentile
70.1%
Details
CWE
CWE-79
Status
published
Products (42)
mozilla/bugzilla
3.6 (2 CPE variants)
mozilla/bugzilla
3.6.0
mozilla/bugzilla
3.6.1
mozilla/bugzilla
3.6.2
mozilla/bugzilla
3.6.3
mozilla/bugzilla
3.6.4
mozilla/bugzilla
3.6.5
mozilla/bugzilla
3.6.6
mozilla/bugzilla
3.6.7
mozilla/bugzilla
3.6.8
... and 32 more
Published
Feb 24, 2013
Tracked Since
Feb 18, 2026