Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2013-0785
Last Modified: 13 Dec 2013 12:11:31
Published: 24 Feb 2013 06:48:22
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-0785

Summary

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.

Vulnerable Systems

Application

  • Mozilla Bugzilla 3.6

  • Mozilla Bugzilla 3.6.0

  • Mozilla Bugzilla 3.6.1

  • Mozilla Bugzilla 3.6.10

  • Mozilla Bugzilla 3.6.11

  • Mozilla Bugzilla 3.6.12

  • Mozilla Bugzilla 3.6.2

  • Mozilla Bugzilla 3.6.3

  • Mozilla Bugzilla 3.6.4

  • Mozilla Bugzilla 3.6.5

  • Mozilla Bugzilla 3.6.6

  • Mozilla Bugzilla 3.6.7

  • Mozilla Bugzilla 3.6.8

  • Mozilla Bugzilla 3.6.9

  • Mozilla Bugzilla 3.7

  • Mozilla Bugzilla 3.7.1

  • Mozilla Bugzilla 3.7.2

  • Mozilla Bugzilla 3.7.3

  • Mozilla Bugzilla 4.0

  • Mozilla Bugzilla 4.0.1

  • Mozilla Bugzilla 4.0.2

  • Mozilla Bugzilla 4.0.3

  • Mozilla Bugzilla 4.0.4

  • Mozilla Bugzilla 4.0.5

  • Mozilla Bugzilla 4.0.6

  • Mozilla Bugzilla 4.0.7

  • Mozilla Bugzilla 4.0.8

  • Mozilla Bugzilla 4.0.9

  • Mozilla Bugzilla 4.1

  • Mozilla Bugzilla 4.1.1

  • Mozilla Bugzilla 4.1.2

  • Mozilla Bugzilla 4.1.3

  • Mozilla Bugzilla 4.2

  • Mozilla Bugzilla 4.2.1

  • Mozilla Bugzilla 4.2.2

  • Mozilla Bugzilla 4.2.3

  • Mozilla Bugzilla 4.2.4

  • Mozilla Bugzilla 4.3

  • Mozilla Bugzilla 4.3.1

  • Mozilla Bugzilla 4.3.2

  • Mozilla Bugzilla 4.3.3

  • Mozilla Bugzilla 4.4


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=842038

CONFIRM - http://www.bugzilla.org/security/3.6.12/

MANDRIVA - MDVSA-2013:066


Last Updated: 27 May 2016 11:01:57