CVE Reference: CVE-2006-5453

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5453

Description: Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

CVE Status: Candidate

References:
XF: http://xforce.iss.net/xforce/xfdb/29610, http://xforce.iss.net/xforce/xfdb/29619
ST: 1017063
SREASON: http://securityreason.com/securityalert/1760
SAID: Secunia Advisory: SA22409, Secunia Advisory: SA22790, Secunia Advisory: SA22826
OSVDB: 29544, 29549, 29545
GENTOO: http://security.gentoo.org/glsa/glsa-200611-04.xml
DEBIAN: http://www.debian.org/security/2006/dsa-1208
CONFIRM: http://www.bugzilla.org/security/2.18.5/
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/448777/100/100/threaded
BID: 20538