Vulnerabilities > Mozilla > Bugzilla > 2.20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-16 | CVE-2006-2420 | Cross-Site Scripting vulnerability in Mozilla Bugzilla 2.20/2.21/2.21.1 Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. | 4.3 |
| 2006-02-28 | CVE-2006-0916 | Information Disclosure vulnerability in Bugzilla User Credentials Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. | 7.5 |
| 2006-02-28 | CVE-2006-0914 | Improper Input Validation vulnerability in Mozilla Bugzilla Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. | 5.5 |
| 2006-02-28 | CVE-2006-0913 | SQL Injection vulnerability in Bugzilla Whinedays SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. | 5.5 |
| 2005-10-05 | CVE-2005-3139 | Information Disclosure vulnerability in Bugzilla User-Matching Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. | 5.0 |
| 2005-10-05 | CVE-2005-3138 | Information Disclosure vulnerability in Bugzilla config.cgi Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. | 5.0 |