AI Score
Confidence
High
EPSS
Percentile
87.1%
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040
lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html
www.mikx.de/index.php?p=6
www.securityfocus.com/bid/12154
bugzilla.mozilla.org/show_bug.cgi?id=272620
exchange.xforce.ibmcloud.com/vulnerabilities/18728