Cross-Site Scripting Vulnerabilities in Bugzilla by Mozilla
CVE-2013-1742

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 24 October 2013

What is CVE-2013-1742?

Multiple cross-site scripting vulnerabilities exist in the editflagtypes.cgi component of Bugzilla. Attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML through parameters such as 'id' or 'sortkey'. This exploitation can lead to unauthorized actions on behalf of users, making it imperative for organizations using Bugzilla to update to the latest versions to mitigate potential risks.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=924802

x_refsource_CONFIRM

http://www.bugzilla.org/security/4.0.10/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2013