Bugzilla versions 2.16rc1 to 4.4.11 and 4.5.1 to 5.0.2 suffer from a cross site scripting vulnerability.
b5b557c9a96230c03f35334bcabd0cbadd09684f233600dafc8de9a79dd18b6bBugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.
9b1272725e4045835294ef9f644a6664c5657f9a14374d95b6685f5bdc61cc69Bugzilla Security Advisory - Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.
0d0e7c27532f6562403faf6ddb1249c6fce16ba6525feadfe7c92217191a6748Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.
e3f8c68b0a1bbdf0fb518956a6f0baea7892e0d7d30f6fb5905d155c12849c5bBugzilla Security Advisory - Multiple cross site scripting and cross site request forgery vulnerabilities have been discovered and addressed in various versions of Bugzilla.
943bffbd4c59491956254e396c5dddc10c25b0b775de07d14bd90dac0cbf7118Bugzilla suffers from multiple information leak and cross site scripting vulnerabilities. Various versions ranging from 2.x through 4.x are affected.
21672967035df2502939f68c6fb93cd188b821430fff628d2e01c963fba9c035Bugzilla Security Advisory - When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP injection. Extensions are not protected against directory browsing by default and users can view the source code of templates used by the extensions. These templates may contain sensitive data.
a5d9eb97d8ed5caaa5684888b740b5cecb254605b98dce901b0bd2362f639636Bugzilla Security Advisory - Bugzilla versions 4.1.1 to 4.2.1, 4.3.1 suffer from a permission trust vulnerability. Bugzilla versions 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 leak the description of a private attachment.
ccbe41f39c39d46f4dd678d5b50b50f6b23d74222a0aadab053e8ce5c1e2b4dbBugzilla Security Advisory - Bugzilla versions 3.5.3 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from an authorized access vulnerability. Bugzilla versions 2.17.4 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from a cross site scripting vulnerability.
cd5bcb16d9fc77f836d09c3e0255fb95fd2cfe29cc6147822f65c77d60475b15Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.
05d5fac375a53e9e58bff5c4ff71d4dff9c0110dcca4550545e13c7ce7fe71d7Bugzilla Security Advisory - Bugzilla versions 2.20.1 and above suffer from a cross site scripting vulnerability. Version 2.23.3 suffers from a database password disclosure flaw.
bd0c4a12dd51f408be7b023cc02ae95aab38c12993a36d47007d685ec3cac8a8Bugzilla versions below 2.20 are susceptible to multiple information leaks.
57cd438a2820f029676c4439a217c2b29e6b506f7b887a2dd556c7fb869285dbBugzilla versions prior to 2.18.2 are susceptible to multiple information leak vulnerabilities.
1508db168c61c8f0b39f934929e4aeb10bf23f34aa5611dc6f2552a578166bb2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed