Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-07-31T04:00:00

Updated: 2024-08-08T03:03:48.554Z

Reserved: 2002-07-29T00:00:00

Link: CVE-2002-0807

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2002-08-12T04:00:00.000

Modified: 2008-09-10T19:12:55.930

Link: CVE-2002-0807

cve-icon Redhat

Severity :

Publid Date: 2002-06-08T00:00:00Z

Links: CVE-2002-0807 - Bugzilla