 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2007-4543 |
| Description: | Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form." |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-4543 BugTraq ID: 25425 http://www.securityfocus.com/bid/25425 Bugtraq: 20070823 Security Advisory for Bugzilla 3.0, 2.22.1, and 2.20.4 (Google Search) http://www.securityfocus.com/archive/1/477630/100/0/threaded http://security.gentoo.org/glsa/glsa-200709-18.xml https://bugzilla.mozilla.org/show_bug.cgi?id=386942 http://osvdb.org/37201 http://www.securitytracker.com/id?1018604 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://www.vupen.com/english/advisories/2007/2977 XForce ISS Database: bugzilla-buildid-xss(36241) https://exchange.xforce.ibmcloud.com/vulnerabilities/36241 |