CVE-2002-0807

2002-07-3104:00:00

mitre

www.cve.org

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

77.6%

JSON

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

References

archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

bugzilla.mozilla.org/show_bug.cgi?id=146447

www.iss.net/security_center/static/9304.php

www.securityfocus.com/bid/4964