CVE-2002-0807 - Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could

CVE-2002-0807

Summary

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:12)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2002:109

refmap via4

bid	4964
bugtraq	20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
confirm	http://bugzilla.mozilla.org/show_bug.cgi?id=146447
xf	bugzilla-real-name-xss(9304)

Last major update

10-09-2008 - 19:12

Published

12-08-2002 - 04:00

Last modified

10-09-2008 - 19:12