Vulnerabilities > Mozilla > Bugzilla > 2.22.4

DATE CVE VULNERABILITY TITLE RISK
2009-02-09 CVE-2009-0485 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
network
mozilla CWE-352
5.8
5.8
2009-02-09 CVE-2009-0483 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.
network
mozilla CWE-352
5.8
5.8
2009-02-09 CVE-2009-0482 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.
network
mozilla CWE-352
5.8
5.8
2009-02-09 CVE-2009-0481 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.
network
mozilla CWE-79
3.5
3.5
2008-10-03 CVE-2008-4437 Path Traversal vulnerability in Mozilla Bugzilla
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a ..
network
mozilla CWE-22
7.1
7.1
2008-05-07 CVE-2008-2105 Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header.
network
mozilla CWE-264
3.5
3.5
2008-05-07 CVE-2008-2103 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
network
mozilla CWE-79
4.3
4.3