Vulnerabilities > Mozilla > Bugzilla > 2.21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-09 | CVE-2009-0481 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. | 3.5 |
| 2007-02-06 | CVE-2007-0791 | HTML Injection And Information disclosure vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network mozilla | 4.3 |
| 2006-10-23 | CVE-2006-5455 | Input Validation and Information disclosure vulnerability in Mozilla Bugzilla Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. | 2.6 |
| 2006-05-16 | CVE-2006-2420 | Cross-Site Scripting vulnerability in Mozilla Bugzilla 2.20/2.21/2.21.1 Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. | 4.3 |
| 2006-02-28 | CVE-2006-0916 | Information Disclosure vulnerability in Bugzilla User Credentials Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. | 7.5 |
| 2006-02-28 | CVE-2006-0913 | SQL Injection vulnerability in Bugzilla Whinedays SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. | 5.5 |
| 2005-10-05 | CVE-2005-3139 | Information Disclosure vulnerability in Bugzilla User-Matching Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. | 5.0 |
| 2005-10-05 | CVE-2005-3138 | Information Disclosure vulnerability in Bugzilla config.cgi Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. | 5.0 |