Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-07-31T04:00:00
Updated: 2024-08-08T03:03:48.554Z
Reserved: 2002-07-29T00:00:00
Link: CVE-2002-0807
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2002-08-12T04:00:00.000
Modified: 2008-09-10T19:12:55.930
Link: CVE-2002-0807
Redhat