ID CVE-2004-1061
Summary Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
References
Vulnerable Configurations
  • Mozilla Bugzilla 2.16.1
    cpe:2.3:a:mozilla:bugzilla:2.16.1
  • Mozilla Bugzilla 2.16.10
    cpe:2.3:a:mozilla:bugzilla:2.16.10
  • Mozilla Bugzilla 2.16.11
    cpe:2.3:a:mozilla:bugzilla:2.16.11
  • Mozilla Bugzilla 2.16.2
    cpe:2.3:a:mozilla:bugzilla:2.16.2
  • Mozilla Bugzilla 2.16.3
    cpe:2.3:a:mozilla:bugzilla:2.16.3
  • Mozilla Bugzilla 2.16.4
    cpe:2.3:a:mozilla:bugzilla:2.16.4
  • Mozilla Bugzilla 2.16.5
    cpe:2.3:a:mozilla:bugzilla:2.16.5
  • Mozilla Bugzilla 2.16.6
    cpe:2.3:a:mozilla:bugzilla:2.16.6
  • Mozilla Bugzilla 2.16.7
    cpe:2.3:a:mozilla:bugzilla:2.16.7
  • Mozilla Bugzilla 2.16.8
    cpe:2.3:a:mozilla:bugzilla:2.16.8
  • Mozilla Bugzilla 2.16.9
    cpe:2.3:a:mozilla:bugzilla:2.16.9
  • Mozilla Bugzilla 2.17
    cpe:2.3:a:mozilla:bugzilla:2.17
  • Mozilla Bugzilla 2.17.1
    cpe:2.3:a:mozilla:bugzilla:2.17.1
  • Mozilla Bugzilla 2.17.3
    cpe:2.3:a:mozilla:bugzilla:2.17.3
  • Mozilla Bugzilla 2.17.4
    cpe:2.3:a:mozilla:bugzilla:2.17.4
  • Mozilla Bugzilla 2.17.5
    cpe:2.3:a:mozilla:bugzilla:2.17.5
  • Mozilla Bugzilla 2.17.6
    cpe:2.3:a:mozilla:bugzilla:2.17.6
  • Mozilla Bugzilla 2.17.7
    cpe:2.3:a:mozilla:bugzilla:2.17.7
CVSS
Base: 4.3 (as of 17-06-2005 - 16:01)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
  • NASL family CGI abuses : XSS
    NASL id BUGZILLA_INTERNAL_ERROR_XSS.NASL
    description The remote host runs Bugzilla, a web-based bug tracking system. The remote Bugzilla installation, according to its version number, is vulnerable to a cross-site scripting attack when rendering internal errors containing user-supplied input.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 16206
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16206
    title Bugzilla Internal Error Response XSS
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_97C3A4526E3611D98324000A95BC6FAE.NASL
    description A Bugzilla advisory states : This advisory covers a single cross-site scripting issue that has recently been discovered and fixed in the Bugzilla code: If a malicious user links to a Bugzilla site using a specially crafted URL, a script in the error page generated by Bugzilla will display the URL unaltered in the page, allowing scripts embedded in the URL to execute.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 19041
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19041
    title FreeBSD : bugzilla -- XSS vulnerability (97c3a452-6e36-11d9-8324-000a95bc6fae)
refmap via4
bid 12154
conectiva CLSA-2005:1040
confirm https://bugzilla.mozilla.org/show_bug.cgi?id=272620
fulldisc 20041223 Cross-Site Scripting - an industry-wide problem
misc http://www.mikx.de/index.php?p=6
xf bugzilla-xss(18728)
Last major update 05-09-2008 - 16:40
Published 04-01-2005 - 00:00
Last modified 10-07-2017 - 21:30