CVE-2003-0602
Published Aug 27, 2003
Last updated 16 years ago
Overview
- Description
- Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F16D338E-C5BC-46E1-95DD-D9B0E25EE56E"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19F19219-3AFD-4D8E-B02B-BFCBD1BC7C36"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B900D9A7-913A-4176-90CF-C7C3B09A4261"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B2FC5C7-B218-4B87-9805-F90AC0E7A281"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBCDA64F-C49A-4F5B-B285-4079D8E3A499"
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85ED3457-CC21-4DB3-931F-677F723E1B2A"
}
],
"operator": "OR"
}
]
}
]