Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0807

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0807
Last Modified 10 Sep 2008 03:12:55
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0807

Summary

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.14.1

  • Mozilla Bugzilla 2.16


References

BUGTRAQ - 20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2

XF - bugzilla-real-name-xss(9304)

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=146447

BID - 4964


Last Updated: 27 May 2016 10:37:04