Vulnerability CVE-2004-1061 - CERT Civis.Net

Vulnerability Name:

CVE-2004-1061 (CCN-18728)

Assigned:

2004-11-23

Published:

2005-01-04

Updated:

2017-07-11

Summary:

Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2004-1061

Source: CONECTIVA
Type: UNKNOWN
CLSA-2005:1040

Source: FULLDISC
Type: Vendor Advisory
20041223 Cross-Site Scripting - an industry-wide problem

Source: MISC
Type: Vendor Advisory
http://www.mikx.de/index.php?p=6

Source: CCN
Type: OSVDB ID: 12699
Bugzilla Internal Error Response XSS

Source: BID
Type: UNKNOWN
12154

Source: CCN
Type: BID-12154
Bugzilla Internal Error Cross-Site Scripting Vulnerability

Source: CCN
Type: Bugzilla Bug 272620
XSS vulnerability in internal error messages

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=272620

Source: XF
Type: UNKNOWN
bugzilla-xss(18728)

Source: XF
Type: UNKNOWN
bugzilla-xss(18728)

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*

Denotes that component is vulnerable