- Description
- Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1883A98C-E595-4F3C-87BF-A63393F9F561"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD49E53A-5676-4FAC-A8A2-30FAC04C33D7"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F16D338E-C5BC-46E1-95DD-D9B0E25EE56E"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5877CECA-F758-4F48-B4F4-2C4C1DF01FA0"
}
],
"operator": "OR"
}
]
}
]