Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2013-10-24T10:00:00Z
Updated: 2024-09-16T22:16:04.332Z
Reserved: 2013-02-13T00:00:00Z
Link: CVE-2013-1743
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-10-24T10:53:09.567
Modified: 2013-10-24T23:28:37.510
Link: CVE-2013-1743
Redhat
No data.