Showing 1 - 3 of 3

CVE-2012-4189

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.

Related Files

Bugzilla Cross Site Request Forgery / Cross Site Scripting: Posted Oct 18, 2013; Authored by Frederic Buclin, Mateusz Goik, David Lawrence | Site bugzilla.org; Bugzilla Security Advisory - Multiple cross site scripting and cross site request forgery vulnerabilities have been discovered and addressed in various versions of Bugzilla.; tags | advisory, vulnerability, xss, csrf; advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743, CVE-2012-4189; SHA-256 | 943bffbd4c59491956254e396c5dddc10c25b0b775de07d14bd90dac0cbf7118; Download | Favorite | View

Mandriva Linux Security Advisory 2013-066: Posted Apr 8, 2013; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2013-066 - The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. Various other issues were also addressed.; tags | advisory, remote; systems | linux, mandriva; advisories | CVE-2012-1969, CVE-2012-3981, CVE-2012-4189, CVE-2012-4197, CVE-2012-4198, CVE-2012-4199, CVE-2012-5883, CVE-2013-0785, CVE-2013-0786; SHA-256 | e6cfe4b2630782972753b045d1d3e894e084dfcfd1de0180473c8bbad6ad3f7d; Download | Favorite | View

Bugzilla Information Leak / Cross Site Scripting: Posted Nov 15, 2012; Authored by Frederic Buclin, Mateusz Goik, Gervase Markham, David Lawrence | Site bugzilla.org; Bugzilla suffers from multiple information leak and cross site scripting vulnerabilities. Various versions ranging from 2.x through 4.x are affected.; tags | advisory, vulnerability, xss, info disclosure; advisories | CVE-2012-4199, CVE-2012-4198, CVE-2012-4189, CVE-2012-4197, CVE-2012-5475; SHA-256 | 21672967035df2502939f68c6fb93cd188b821430fff628d2e01c963fba9c035; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 63 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
malvuln 7 files
nu11secur1ty 7 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,583)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,746)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,492)
UNIX (9,397)
UnixWare (187)
Windows (6,657)
Other

CVE-2012-4189

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems