Cross-Site Scripting Flaw in Bugzilla Affects Multiple Versions

CVE-2015-8508

What is CVE-2015-8508?

A cross-site scripting vulnerability exists in Bugzilla affecting several versions, allowing attackers to inject arbitrary web scripts or HTML. This occurs through a local dot configuration and can be triggered by crafting a malicious bug summary. Users of affected Bugzilla versions should apply updates to mitigate potential exploit risks.

References