Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2001-1402
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi..
CVSSv2.0 Score
- Severity
- High
- Base Score
- 7.5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.redhat.com/support/errata/RHSA-2001-107.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=38854
- http://bugzilla.mozilla.org/show_bug.cgi?id=38855
- http://bugzilla.mozilla.org/show_bug.cgi?id=87701
- http://bugzilla.mozilla.org/show_bug.cgi?id=38859
- http://bugzilla.mozilla.org/show_bug.cgi?id=39536
- http://bugzilla.mozilla.org/show_bug.cgi?id=95235
- http://marc.info/?l=bugtraq&m=99912899900567