exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Bugzilla HTTP Response Splitting / Cross Site Scripting / Information Leak
Posted Nov 5, 2010
Authored by Max Kanat-Alexander | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.2.8, 3.4.8, 3.6.2 and 3.7.3 suffer from multiple vulnerabilities. There is a way to inject both headers and content to users, causing a serious cross site scripting vulnerability. It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names. YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.

tags | advisory, vulnerability, xss
advisories | CVE-2010-3172, CVE-2010-3764
SHA-256 | e7d0524af824b3816763453eecc8f33faf4415672e59e713cf2be6dab567cefd
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close