CVE-2003-0602

Sažetak

Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653
http://www.bugzilla.org/security/2.16.2/
http://www.securityfocus.com/bid/6861
http://www.securityfocus.com/bid/6868

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 20:34

Objavljeno

27-08-2003 - 04:00