[Webapps-common-packages] Bug#440106: CVE-2007-4543: XSS vulnerability in bugzilla
Stefan Fritsch
sf at sfritsch.de
Wed Aug 29 19:47:10 UTC 2007
Package: bugzilla
Version: 2.22.1-2
Severity: important
Tags: security
From CVE-2007-4543:
"Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla
2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1
allows remote attackers to inject arbitrary web script or HTML via the
buildid field in the "guided form.""
Please mention the CVE id in the changelog.
There are two more issues (CVE-2007-4539, CVE-2007-4538) which are only
present in newer versions of bugzilla. Please take care not to upload a
vulnerable version.
See http://www.bugzilla.org/security/2.20.4/ for details.