CVE-2013-1742
Bugzilla 2.x-4.0.10, 4.1.x-4.2.6, 4.3.x-4.4.0 - Cross-Site Scripting via editflagtypes.cgi id or sortkey Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-1742. PoCs published by Mateusz Goik.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Bugzilla by injecting malicious script tags into the 'id' and 'sortkey' parameters of the 'editflagtypes.cgi' endpoint. The vulnerability arises due to insufficient input sanitization.
Description
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Bugzilla by injecting malicious script tags into the 'id' and 'sortkey' parameters of the 'editflagtypes.cgi' endpoint. The vulnerability arises due to insufficient input sanitization.