|
|
CVE Reference: CVE-2006-2420 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2420 |
|
|
Description: Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather due to design or documentation inconsistencies within RSS, or implementation vulnerabilities in RSS readers. While this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24820 SAID Secunia Advisory: SA18979 OSVDB 23379 CONFIRM http://www.bugzilla.org/security/2.18.4 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=112818466125484&w=2 |
|
| Return to the previous page. |
