Vulnerabilities > Mozilla > Bugzilla > 2.22.5

DATE CVE VULNERABILITY TITLE RISK
2009-02-09 CVE-2009-0485 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
network
mozilla CWE-352
5.8
5.8
2009-02-09 CVE-2009-0483 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.
network
mozilla CWE-352
5.8
5.8
2009-02-09 CVE-2009-0482 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.
network
mozilla CWE-352
5.8
5.8
2009-02-09 CVE-2009-0481 Cross-Site Scripting vulnerability in Mozilla Bugzilla
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.
network
mozilla CWE-79
3.5
3.5