Bugzilla Security Advisory - Bugzilla versions 3.2.8, 3.4.8, 3.6.2 and 3.7.3 suffer from multiple vulnerabilities. There is a way to inject both headers and content to users, causing a serious cross site scripting vulnerability. It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names. YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.
e7d0524af824b3816763453eecc8f33faf4415672e59e713cf2be6dab567cefdBugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.
05d5fac375a53e9e58bff5c4ff71d4dff9c0110dcca4550545e13c7ce7fe71d7Bugzilla Security Advisory - Bugzilla versions 2.20.1 and above suffer from a cross site scripting vulnerability. Version 2.23.3 suffers from a database password disclosure flaw.
bd0c4a12dd51f408be7b023cc02ae95aab38c12993a36d47007d685ec3cac8a8Bugzilla versions below 2.20 are susceptible to multiple information leaks.
57cd438a2820f029676c4439a217c2b29e6b506f7b887a2dd556c7fb869285db
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed