Vulnerabilities > Mozilla > Bugzilla > 2.22.2

DATE CVE VULNERABILITY TITLE RISK
2009-02-09 CVE-2009-0482 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.
network
mozilla CWE-352
5.8
5.8
2009-02-09 CVE-2009-0481 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.
network
mozilla CWE-79
3.5
3.5
2008-10-03 CVE-2008-4437 Path Traversal vulnerability in Mozilla Bugzilla
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a ..
network
mozilla CWE-22
7.1
7.1
2008-05-07 CVE-2008-2105 Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header.
network
mozilla CWE-264
3.5
3.5
2008-05-07 CVE-2008-2103 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
network
mozilla CWE-79
4.3
4.3
2007-08-27 CVE-2007-4543 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
network
mozilla CWE-79
4.3
4.3