Search Results
- CPE Product Version: cpe:/a:mozilla:bugzilla:3.1.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-6098 | Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." Published: February 09, 2009; 1:30:00 PM -0500 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2008-4437 | Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element. Published: October 03, 2008; 6:22:45 PM -0400 | V3.x: (not available); V2.0: 7.1 HIGH |
CVE-2008-2103 | Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. Published: May 07, 2008; 4:20:00 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2008-2104 | The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. Published: May 07, 2008; 4:20:00 PM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |