Related Weaknesses
CWE-ID |
Weakness Name |
Source |
CWE-79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
|
Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
4.3 |
|
AV:N/AC:M/Au:N/C:N/I:P/A:N |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 38807
Publication date : 2013-10-08 22h00 +00:00
Author : Mateusz Goik
EDB Verified : Yes
source: https://www.securityfocus.com/bid/63205/info
Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit this issue to steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible.
Bugzilla versions 4.1.1 through 4.2.6, and 4.3.1 through 4.4 are vulnerable.
Note: This issue exists due to an incomplete fix for CVE-2012-4189 (identified in BID 56504 - Bugzilla Multiple Cross Site Scripting and Information Disclosure Vulnerabilities).
https://www.example.com/bugzilla-tip/report.cgi?x_axis_field=short_desc&y_axis_field=short_desc&z_axis_field=short_desc&no_redirect=1&query_format=report-table&short_desc_type=allwordssubstr&short_desc=&resolution=---&longdesc_type=allwordssubstr&longdesc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&deadlinefrom=&deadlineto=&bug_id=22386%2C22387&bug_id_type=anyexact&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailcc2=1&emailtype2=substring&email2=&emaillongdesc3=1&emailtype3=substring&email3=&chfieldvalue=&chfieldfrom=&chfieldto=Now&j_top=AND&f1=noop&o1=noop&v1=&format=table&action=wrap
Products Mentioned
Configuraton 0
Mozilla>>Bugzilla >> Version 4.1
Mozilla>>Bugzilla >> Version 4.1.1
Mozilla>>Bugzilla >> Version 4.1.2
Mozilla>>Bugzilla >> Version 4.1.3
Configuraton 0
Mozilla>>Bugzilla >> Version 4.2
Mozilla>>Bugzilla >> Version 4.2
Mozilla>>Bugzilla >> Version 4.2
Mozilla>>Bugzilla >> Version 4.2.1
Mozilla>>Bugzilla >> Version 4.2.2
Mozilla>>Bugzilla >> Version 4.2.3
Configuraton 0
Mozilla>>Bugzilla >> Version 4.3
Mozilla>>Bugzilla >> Version 4.3.1
Mozilla>>Bugzilla >> Version 4.3.2
Mozilla>>Bugzilla >> Version 4.3.3
References