CVE-2006-5453

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

Reference

http://secunia.com/advisories/22409
http://secunia.com/advisories/22790
http://secunia.com/advisories/22826
http://security.gentoo.org/glsa/glsa-200611-04.xml
http://securityreason.com/securityalert/1760
http://securitytracker.com/id?1017063
http://www.bugzilla.org/security/2.18.5/
http://www.debian.org/security/2006/dsa-1208
http://www.osvdb.org/29544
http://www.osvdb.org/29545
http://www.osvdb.org/29549
http://www.securityfocus.com/archive/1/448777/100/100/threaded
http://www.securityfocus.com/bid/20538
http://www.vupen.com/english/advisories/2006/4035
https://bugzilla.mozilla.org/show_bug.cgi?id=206037
https://bugzilla.mozilla.org/show_bug.cgi?id=330555
https://bugzilla.mozilla.org/show_bug.cgi?id=355728
https://exchange.xforce.ibmcloud.com/vulnerabilities/29610
https://exchange.xforce.ibmcloud.com/vulnerabilities/29619

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-10-2018 - 21:43

Objavljeno

23-10-2006 - 17:07