Page 15 of 147 results (0.016 seconds)

CVSS: 3.5EPSS: 0%CPEs: 76EXPL: 0

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. Bugzilla v2.x anterior a v2.22.7, v3.0 anterior a v3.0.7, v3.2 anterior a v3.2.1 y v3.3 anterior a v3.3.2 ; permite a usuarios autenticados en remoto provocar una secuencia de comandos en sitios cruzados (XSS) y ataques relacionados al subir adjuntos HTML y JavaScript que son interpretados por los navegadores Web. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 54EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v2.17 hasta v2.22.7, v3.0 anterior a v3.0.7, v3.2 anterior a v3.2.1, y v3.3 anterior a v3.3.2 permite a atacantes remotos eliminar tipos de banderas no utilizadas a través de un enlace o una etiqueta IMG a editflagtypes.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466692 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi. Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en versiones de Bugzilla 3.0 anteriores a 3.0.7, 3.2 antes de 3.2.1, y 3.3 antes de 3.3.2 permite a atacantes remotos eliminar búsquedas guardadas o compartidas a través de un enlace o una etiqueta IMG a buglist.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466748 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.8EPSS: 0%CPEs: 76EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v2.22 antes de v2.22.7, v3.0 antes de v3.0.7, 3.2 antes de v3.2.1 y v3.3 antes de v3.3.2, permite a atacantes remotos borrar las palabras clave y las preferencias de usuario mediante un enlace o una etiqueta IMG a (1) editkeywords.cgi o (2) userprefs.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466692 https://bugzilla.mozilla.org/show_bug.cgi?id=472362 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 3

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element. Vulnerabilidad de salto de directorio en importxml.pl de Bugzilla versiones anteriores a v2.22.5, y 3.x versiones anteriores a v3.0.5, cuando --attach_path está activo, permite a atacantes remotos leer ficheros de su elección a través de un fichero XML con .. (punto punto) en el elemento "data". • https://www.exploit-db.com/exploits/32228 http://secunia.com/advisories/31444 http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.4 http://www.securityfocus.com/bid/30661 http://www.securitytracker.com/id?1020668 http://www.vupen.com/english/advisories/2008/2344 https://bugzilla.mozilla.org/show_bug.cgi?id=437169 https://exchange.xforce.ibmcloud.com/vulnerabilities/44407 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •