CVE-2006-5453

2006-10-2300:00:00

ubuntu.com

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

47.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x
before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x
before 2.23.3 allow remote authenticated users to inject arbitrary web
script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in
global/header.html.tmpl, (2) description fields of certain items in various
edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

OSVersionArchitecturePackageVersionFilename
ubuntu7.04noarchbugzilla< 2.22.1-2UNKNOWN
ubuntu7.10noarchbugzilla< 2.22.1-2UNKNOWN
ubuntu8.04noarchbugzilla< 2.22.1-2UNKNOWN
ubuntu8.10noarchbugzilla< 2.22.1-2UNKNOWN
ubuntu9.04noarchbugzilla< 2.22.1-2UNKNOWN
ubuntu9.10noarchbugzilla< 2.22.1-2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.04	noarch	bugzilla	< 2.22.1-2	UNKNOWN
ubuntu	7.10	noarch	bugzilla	< 2.22.1-2	UNKNOWN
ubuntu	8.04	noarch	bugzilla	< 2.22.1-2	UNKNOWN
ubuntu	8.10	noarch	bugzilla	< 2.22.1-2	UNKNOWN
ubuntu	9.04	noarch	bugzilla	< 2.22.1-2	UNKNOWN
ubuntu	9.10	noarch	bugzilla	< 2.22.1-2	UNKNOWN