Lucene search
HistoryJan 04, 2005 - 5:00 a.m.
CVE-2004-1061
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.015
Percentile
87.1%
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
Affected configurations
Node
mozillabugzillaMatch2.16.1
ORmozillabugzillaMatch2.16.2
ORmozillabugzillaMatch2.16.3
ORmozillabugzillaMatch2.16.4
ORmozillabugzillaMatch2.16.5
ORmozillabugzillaMatch2.16.6
ORmozillabugzillaMatch2.16.7
ORmozillabugzillaMatch2.16.8
ORmozillabugzillaMatch2.16.9
ORmozillabugzillaMatch2.16.10
ORmozillabugzillaMatch2.16.11
ORmozillabugzillaMatch2.17
ORmozillabugzillaMatch2.17.1
ORmozillabugzillaMatch2.17.3
ORmozillabugzillaMatch2.17.4
ORmozillabugzillaMatch2.17.5
ORmozillabugzillaMatch2.17.6
ORmozillabugzillaMatch2.17.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | 2.16.1 | cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.2 | cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.3 | cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.4 | cpe:2.3:a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.5 | cpe:2.3:a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.6 | cpe:2.3:a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.7 | cpe:2.3:a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.8 | cpe:2.3:a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.9 | cpe:2.3:a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:* |
| mozilla | bugzilla | 2.16.10 | cpe:2.3:a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:* |
Related
openvas
openvas
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
nessus
nessus
Bugzilla Internal Error Response XSS
2005-01-19 00:00:00
freebsd
freebsd
bugzilla -- cross-site scripting vulnerability
2004-12-01 00:00:00
ubuntucve
ubuntucve
CVE-2004-1061
2005-01-04 00:00:00
cvelist
cvelist
CVE-2004-1061
2004-12-31 05:00:00
cve
cve
CVE-2004-1061
2005-01-04 05:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.015
Percentile
87.1%
Related for NVD:CVE-2004-1061