Vulnerabilities > Mozilla > Bugzilla > 2.17.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-09 | CVE-2009-0481 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. | 3.5 |
2008-05-07 | CVE-2008-2105 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. | 3.5 |
2008-05-07 | CVE-2008-2103 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. | 4.3 |
2007-08-27 | CVE-2007-4543 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form." | 4.3 |
2006-10-23 | CVE-2006-5455 | Input Validation and Information disclosure vulnerability in Mozilla Bugzilla Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. | 2.6 |
2006-02-28 | CVE-2006-0914 | Improper Input Validation vulnerability in Mozilla Bugzilla Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. | 5.5 |
2006-02-28 | CVE-2006-0913 | SQL Injection vulnerability in Bugzilla Whinedays SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. | 5.5 |
2005-07-08 | CVE-2005-2174 | Unspecified vulnerability in Mozilla Bugzilla Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. | 2.6 |
2005-07-08 | CVE-2005-2173 | Unspecified vulnerability in Mozilla Bugzilla The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | 5.0 |
2005-05-12 | CVE-2005-1565 | Information Disclosure vulnerability in Bugzilla Authentication Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. | 5.0 |