Lucene search
HistoryFeb 24, 2013 - 11:48 a.m.
CVE-2013-0785
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.6
Confidence
High
EPSS
0.002
Percentile
54.2%
Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.
Affected configurations
Node
mozillabugzillaRange≤3.6.12
ORmozillabugzillaMatch3.6
ORmozillabugzillaMatch3.6rc1
ORmozillabugzillaMatch3.6.0
ORmozillabugzillaMatch3.6.1
ORmozillabugzillaMatch3.6.2
ORmozillabugzillaMatch3.6.3
ORmozillabugzillaMatch3.6.4
ORmozillabugzillaMatch3.6.5
ORmozillabugzillaMatch3.6.6
ORmozillabugzillaMatch3.6.7
ORmozillabugzillaMatch3.6.8
ORmozillabugzillaMatch3.6.9
ORmozillabugzillaMatch3.6.10
ORmozillabugzillaMatch3.6.11
Node
mozillabugzillaMatch3.7
ORmozillabugzillaMatch3.7.1
ORmozillabugzillaMatch3.7.2
ORmozillabugzillaMatch3.7.3
Node
mozillabugzillaMatch4.0
ORmozillabugzillaMatch4.0rc1
ORmozillabugzillaMatch4.0rc2
ORmozillabugzillaMatch4.0.1
ORmozillabugzillaMatch4.0.2
ORmozillabugzillaMatch4.0.3
ORmozillabugzillaMatch4.0.4
ORmozillabugzillaMatch4.0.5
ORmozillabugzillaMatch4.0.6
ORmozillabugzillaMatch4.0.7
ORmozillabugzillaMatch4.0.8
ORmozillabugzillaMatch4.0.9
Node
mozillabugzillaMatch4.1
ORmozillabugzillaMatch4.1.1
ORmozillabugzillaMatch4.1.2
ORmozillabugzillaMatch4.1.3
Node
mozillabugzillaMatch4.2
ORmozillabugzillaMatch4.2rc1
ORmozillabugzillaMatch4.2rc2
ORmozillabugzillaMatch4.2.1
ORmozillabugzillaMatch4.2.2
ORmozillabugzillaMatch4.2.3
ORmozillabugzillaMatch4.2.4
Node
mozillabugzillaMatch4.3
ORmozillabugzillaMatch4.3.1
ORmozillabugzillaMatch4.3.2
ORmozillabugzillaMatch4.3.3
Node
mozillabugzillaMatch4.4rc1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | bugzilla | * | cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6 | cpe:2.3:a:mozilla:bugzilla:3.6:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6 | cpe:2.3:a:mozilla:bugzilla:3.6:rc1:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6.0 | cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6.1 | cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6.2 | cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6.3 | cpe:2.3:a:mozilla:bugzilla:3.6.3:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6.4 | cpe:2.3:a:mozilla:bugzilla:3.6.4:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6.5 | cpe:2.3:a:mozilla:bugzilla:3.6.5:*:*:*:*:*:*:* |
| mozilla | bugzilla | 3.6.6 | cpe:2.3:a:mozilla:bugzilla:3.6.6:*:*:*:*:*:*:* |
Related
openvas
openvas
Fedora Update for bugzilla FEDORA-2013-2866
2013-03-19 00:00:00
Fedora Update for bugzilla FEDORA-2013-2866
2013-03-19 00:00:00
Bugzilla Information Disclosure and Cross-Site Scripting Vulnerabilities
2013-03-01 00:00:00
nessus
nessus
Bugzilla show_bug.cgi id Parameter XSS
2013-02-25 00:00:00
FreeBSD : bugzilla -- multiple vulnerabilities (1c8a039b-7b23-11e2-b17b-20cf30e32f6d)
2013-02-21 00:00:00
Bugzilla < 3.6.13 / 4.0.10 / 4.2.5 / 4.4rc2 Multiple Vulnerabilities
2013-02-25 00:00:00
ubuntucve
ubuntucve
CVE-2013-0785
2013-02-24 00:00:00
cvelist
cvelist
CVE-2013-0785
2013-02-24 11:00:00
cve
cve
CVE-2013-0785
2013-02-24 11:48:22
prion
prion
Cross site scripting
2013-02-24 11:48:00
fedora
fedora
[SECURITY] Fedora 18 Update: bugzilla-4.2.5-1.fc18
2013-03-17 00:59:41
[SECURITY] Fedora 17 Update: bugzilla-4.0.10-1.fc17
2013-03-17 01:07:54
[SECURITY] Fedora 18 Update: bugzilla-4.2.7-1.fc18
2013-10-29 03:46:48
freebsd
freebsd
bugzilla -- multiple vulnerabilities
2013-02-19 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.6
Confidence
High
EPSS
0.002
Percentile
54.2%
Related for NVD:CVE-2013-0785