CVE-2012-0466

Sažetak

template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html
https://bugzilla.mozilla.org/show_bug.cgi?id=745397

CVSS

Base:	4.0
Impact:	4.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

14-08-2012 - 03:34

Objavljeno

27-04-2012 - 20:55