CVSS: 5.8EPSS: 0%CPEs: 54EXPL: 0CVE-2009-0485
https://notcve.org/view.php?id=CVE-2009-0485
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v2.17 hasta v2.22.7, v3.0 anterior a v3.0.7, v3.2 anterior a v3.2.1, y v3.3 anterior a v3.3.2 permite a atacantes remotos eliminar tipos de banderas no utilizadas a través de un enlace o una etiqueta IMG a editflagtypes.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466692 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2009-0484
https://notcve.org/view.php?id=CVE-2009-0484
Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi. Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en versiones de Bugzilla 3.0 anteriores a 3.0.7, 3.2 antes de 3.2.1, y 3.3 antes de 3.3.2 permite a atacantes remotos eliminar búsquedas guardadas o compartidas a través de un enlace o una etiqueta IMG a buglist.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466748 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.8EPSS: 0%CPEs: 76EXPL: 0CVE-2009-0483
https://notcve.org/view.php?id=CVE-2009-0483
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v2.22 antes de v2.22.7, v3.0 antes de v3.0.7, 3.2 antes de v3.2.1 y v3.3 antes de v3.3.2, permite a atacantes remotos borrar las palabras clave y las preferencias de usuario mediante un enlace o una etiqueta IMG a (1) editkeywords.cgi o (2) userprefs.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466692 https://bugzilla.mozilla.org/show_bug.cgi?id=472362 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •