CVSS: 4.3EPSS: 1%CPEs: 48EXPL: 1CVE-2008-2103
https://notcve.org/view.php?id=CVE-2008-2103
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. Vulnerabilidad de Secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.17.2 y versiones posteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariamente a través del parámetro id en la vista "Format for Printing" (Vista preliminar) o en la lista bug "Long Format" (Formato largo). • http://secunia.com/advisories/30064 http://secunia.com/advisories/30167 http://www.bugzilla.org/security/2.20.5 http://www.securityfocus.com/bid/29038 http://www.securitytracker.com/id?1019967 http://www.vupen.com/english/advisories/2008/1428/references https://bugzilla.mozilla.org/show_bug.cgi?id=425665 https://exchange.xforce.ibmcloud.com/vulnerabilities/42216 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html https://www.redhat.com/archives/fedora-pa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 6%CPEs: 6EXPL: 1CVE-2007-4538
https://notcve.org/view.php?id=CVE-2007-4538
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. email_in.pl en Bugzilla 2.23.4 hasta la 3.0.0 permite a atacantes remotos ejecutar comandos de su elección a través de la opción -f (Dirección Desde) en la función Email::Send::Sendmail, probablemente afectando al interprete de comandos de metacaracteres. • http://osvdb.org/37203 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386860 https://exchange.xforce.ibmcloud.com/ •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 1CVE-2007-4539
https://notcve.org/view.php?id=CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. La interfaz WebService (XML-RPC) en Bugzilla 2.23.3 hasta la 3.0.0 no hace cumplir los permisos para los campos time-tracking de los fallos (bugs), lo cual permite a atacantes remotos obtener información sensible a través de ciertas respuestas XML-RPC, como se demostró por los campos (1) Deadline y (2) Estimated Time. • http://osvdb.org/37202 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=382056 https://exchange.xforce.ibmcloud.com/ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 30EXPL: 1CVE-2007-4543
https://notcve.org/view.php?id=CVE-2007-4543
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form." Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en enter_bug.cgi en Bugzilla 2.17.1 hasta la 2.20.4, 2.22.x anterior a 2.22.3, y 3.x anterior a 3.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo buildid en la "forma dirigida". • http://osvdb.org/37201 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386942 https://exchange.xforce.ibmcloud.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2007-0791
https://notcve.org/view.php?id=CVE-2007-0791
Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en feeds de Atom en Bugzilla 2.20.3, 2.22.1, y 2.23.3, y versiones anteriores a 2.20.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://osvdb.org/33090 http://secunia.com/advisories/24031 http://securityreason.com/securityalert/2222 http://securitytracker.com/id?1017585 http://www.bugzilla.org/security/2.20.3 http://www.securityfocus.com/archive/1/459025/100/0/threaded http://www.securityfocus.com/bid/22380 http://www.vupen.com/english/advisories/2007/0477 https://exchange.xforce.ibmcloud.com/vulnerabilities/32248 •