Vulnerability Name: CVE-2002-0807 (CCN-9304)
Assigned: 2002-06-08
Published: 2002-06-08
Updated: 2008-09-10
Summary: Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: CCN Type: FreeBSD Security Notice FreeBSD-SN-02:05 security issues in ports
Source: BUGTRAQ Type: Patch, Vendor Advisory 20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Source: CCN Type: Bugzilla Web site Bug 146447 - cross-site scripting bug with bugzilla user's name
Source: CONFIRM Type: UNKNOWN http://bugzilla.mozilla.org/show_bug.cgi?id=146447
Source: MITRE Type: CNA CVE-2002-0807
Source: CCN Type: RHSA-2002-109 Updated bugzilla packages fix security issues
Source: XF Type: UNKNOWN bugzilla-real-name-xss(9304)
Source: CCN Type: OSVDB ID: 6356 Bugzilla bug_form.pl Full Name Parameter XSS
Source: BID Type: UNKNOWN 4964
Source: CCN Type: BID-4964 Multiple Bugzilla Security Vulnerabilities
Vulnerable Configuration: Configuration 1: Configuration CCN 1: