Cross-Site Scripting in Bugzilla Affects Multiple Versions
CVE-2013-0785

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 24 February 2013

What is CVE-2013-0785?

This vulnerability allows remote attackers to exploit the Bugzilla application by injecting arbitrary web scripts or HTML. It is triggered through manipulating the 'id' parameter alongside an invalid 'format' parameter. Such an exploit could lead to unauthorized access and potentially severe impacts on users and data integrity. Updating to the latest versions is essential to mitigate the risks associated with this XSS issue.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://bugzilla.mozilla.org/show_bug.cgi?id=842038

x_refsource_CONFIRM

http://www.bugzilla.org/security/3.6.12/

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 24, 2013
Vulnerability Reserved
Jan 2, 2013

Mozilla

What is CVE-2013-0785?

References

Timeline