Lucene search
HistoryNov 16, 2012 - 12:24 p.m.
CVE-2012-4189
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.002
Percentile
57.6%
Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.
Affected configurations
Node
mozillabugzillaMatch4.1
ORmozillabugzillaMatch4.1.1
ORmozillabugzillaMatch4.1.2
ORmozillabugzillaMatch4.1.3
Node
mozillabugzillaMatch4.2
ORmozillabugzillaMatch4.2rc1
ORmozillabugzillaMatch4.2rc2
ORmozillabugzillaMatch4.2.1
ORmozillabugzillaMatch4.2.2
ORmozillabugzillaMatch4.2.3
Node
mozillabugzillaMatch4.3
ORmozillabugzillaMatch4.3.1
ORmozillabugzillaMatch4.3.2
ORmozillabugzillaMatch4.3.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | 4.1 | cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 4.1.1 | cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 4.1.2 | cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 4.1.3 | cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:* |
| mozilla | bugzilla | 4.2 | cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 4.2 | cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:* |
| mozilla | bugzilla | 4.2 | cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:* |
| mozilla | bugzilla | 4.2.1 | cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 4.2.2 | cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 4.2.3 | cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:* |
Related
exploitpack
exploitpack
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
2013-10-09 00:00:00
cvelist
cvelist
CVE-2012-4189
2012-11-16 11:00:00
CVE-2013-1743
2013-10-24 10:00:00
ubuntucve
ubuntucve
CVE-2012-4189
2012-11-16 00:00:00
CVE-2013-1743
2013-10-24 00:00:00
cve
cve
CVE-2012-4189
2012-11-16 12:24:24
CVE-2013-1743
2013-10-24 10:53:09
prion
prion
Cross site scripting
2012-11-16 12:24:00
Cross site scripting
2013-10-24 10:53:00
exploitdb
exploitdb
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
2013-10-09 00:00:00
nvd
nvd
CVE-2013-1743
2013-10-24 10:53:09
nessus
nessus
Fedora 19 : bugzilla-4.2.7-1.fc19 (2013-19480)
2013-10-29 00:00:00
Fedora 18 : bugzilla-4.2.7-1.fc18 (2013-19458)
2013-10-29 00:00:00
Fedora 20 : bugzilla-4.2.7-1.fc20 (2013-19402)
2013-11-11 00:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2013-19480
2013-10-29 00:00:00
FreeBSD Ports: bugzilla
2012-11-26 00:00:00
Fedora Update for bugzilla FEDORA-2013-19480
2013-10-29 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: bugzilla-4.2.7-1.fc19
2013-10-29 03:47:45
[SECURITY] Fedora 20 Update: bugzilla-4.2.7-1.fc20
2013-11-10 07:27:24
[SECURITY] Fedora 18 Update: bugzilla-4.2.7-1.fc18
2013-10-29 03:46:48
securityvulns
securityvulns
Security advisory for Bugzilla 4.4rc1, 4.2.4, 4.0.9 and 3.6.12
2012-11-18 00:00:00
Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11
2013-10-27 00:00:00
[ MDVSA-2013:285 ] bugzilla
2013-12-09 00:00:00
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2013-10-16 00:00:00
bugzilla -- multiple vulnerabilities
2012-11-13 00:00:00
mageia
mageia
Updated bugzilla package fixes multiple vulnerabilities
2014-05-02 21:50:55
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.002
Percentile
57.6%
Related for NVD:CVE-2012-4189