Lucene search

Ubuntu.comUB:CVE-2004-0705

HistoryJul 27, 2004 - 12:00 a.m.

CVE-2004-0705

2004-07-2700:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

75.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (1)
editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4)
editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla
2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to
execute arbitrary JavaScript as other users via a URL parameter.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchbugzilla< 2.20-1UNKNOWN
ubuntu6.10noarchbugzilla< 2.20-1UNKNOWN
ubuntu7.04noarchbugzilla< 2.20-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	bugzilla	< 2.20-1	UNKNOWN
ubuntu	6.10	noarch	bugzilla	< 2.20-1	UNKNOWN
ubuntu	7.04	noarch	bugzilla	< 2.20-1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2004-0705

nvd.nist.gov/vuln/detail/CVE-2004-0705

security-tracker.debian.org/tracker/CVE-2004-0705

www.cve.org/CVERecord?id=CVE-2004-0705

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

75.4%

JSON

Related for UB:CVE-2004-0705