Cross-Site Scripting Flaw in Bugzilla Affects Multiple Versions
CVE-2015-8508
4.7MEDIUM
What is CVE-2015-8508?
A cross-site scripting vulnerability exists in Bugzilla affecting several versions, allowing attackers to inject arbitrary web scripts or HTML. This occurs through a local dot configuration and can be triggered by crafting a malicious bug summary. Users of affected Bugzilla versions should apply updates to mitigate potential exploit risks.
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved