Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the “Format for Printing” view or “Long Format” bug list.
secunia.com/advisories/30064
secunia.com/advisories/30167
www.bugzilla.org/security/2.20.5/
www.securityfocus.com/bid/29038
www.securitytracker.com/id?1019967
www.vupen.com/english/advisories/2008/1428/references
bugzilla.mozilla.org/show_bug.cgi?id=425665
exchange.xforce.ibmcloud.com/vulnerabilities/42216
www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html
www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html