
CVE-2013-1733 – Bugzilla Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-1733
18 Oct 2013 — Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. • http://www.bugzilla.org/security/4.0.10 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2013-1734 – Bugzilla Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-1734
18 Oct 2013 — Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. • http://www.bugzilla.org/security/4.0.10 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2013-1742 – Bugzilla - 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1742
18 Oct 2013 — Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter. • https://www.exploit-db.com/exploits/38806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-1743 – Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-1743
18 Oct 2013 — Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. • https://www.exploit-db.com/exploits/38807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-0785
https://notcve.org/view.php?id=CVE-2013-0785
24 Feb 2013 — Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter. • http://www.bugzilla.org/security/3.6.12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')