4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
71.0%
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9,
3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not
properly handle multiple logins, which allows remote attackers to conduct
cross-site scripting (XSS) attacks and obtain sensitive bug information via
a crafted web page.