Vulnerabilities > Mozilla > Bugzilla > 3.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-03 | CVE-2008-4437 | Path Traversal vulnerability in Mozilla Bugzilla Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. | 7.1 |
2008-05-07 | CVE-2008-2104 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla 3.1.3 The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. | 4.0 |
2008-05-07 | CVE-2008-2103 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. | 4.3 |