Cross-Site Scripting Vulnerabilities in Bugzilla by Mozilla
CVE-2013-1743

Currently unrated

Key Information:

Vendor

Mozilla
Status
Bugzilla
Vendor
CVE Published:
24 October 2013

What is CVE-2013-1743?

Multiple cross-site scripting (XSS) vulnerabilities exist in the report.cgi component of Bugzilla, allowing attackers to inject arbitrary web scripts or HTML. This flaw arises from improper handling of user-inputted data in fields like summary or real name, particularly when generating tabular reports. The vulnerabilities affect versions 4.1.x, 4.2.x before 4.2.7, 4.3.x, and 4.4.x prior to 4.4.1, presenting significant security risks if left unpatched.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=924932
x_refsource_CONFIRM
http://www.bugzilla.org/security/4.0.10/
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.