Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-4543
Last Modified: 07 Mar 2011 09:58:44
Published: 27 Aug 2007 05:17:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4543

Summary

Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.17.1

  • Mozilla Bugzilla 2.17.3

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.17.5

  • Mozilla Bugzilla 2.17.6

  • Mozilla Bugzilla 2.17.7

  • Mozilla Bugzilla 2.18

  • Mozilla Bugzilla 2.18.1

  • Mozilla Bugzilla 2.18.2

  • Mozilla Bugzilla 2.18.3

  • Mozilla Bugzilla 2.18.4

  • Mozilla Bugzilla 2.18.5

  • Mozilla Bugzilla 2.19

  • Mozilla Bugzilla 2.19.1

  • Mozilla Bugzilla 2.19.2

  • Mozilla Bugzilla 2.19.3

  • Mozilla Bugzilla 2.20

  • Mozilla Bugzilla 2.20.1

  • Mozilla Bugzilla 2.20.2

  • Mozilla Bugzilla 2.20.3

  • Mozilla Bugzilla 2.22

  • Mozilla Bugzilla 2.22.1

  • Mozilla Bugzilla 2.22.2

  • Mozilla Bugzilla 3.0.0


References

BID - 25425

SECUNIA - 26584

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=386942

VUPEN - ADV-2007-2977

CONFIRM - http://www.bugzilla.org/security/2.20.4/

OSVDB - 37201

XF - bugzilla-buildid-xss(36241)

SECTRACK - 1018604

BUGTRAQ - 20070823 Security Advisory for Bugzilla 3.0, 2.22.1, and 2.20.4

GENTOO - GLSA-200709-18

SECUNIA - 26971


Last Updated: 27 May 2016 10:45:54