Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:bugzilla:2.22.6
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-6098 |
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." Published: February 09, 2009; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2009-0485 |
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. Published: February 09, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2009-0483 |
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. Published: February 09, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2009-0482 |
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. Published: February 09, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2009-0481 |
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. Published: February 09, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |