CVE-2016-2803

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 12 April 2017

Summary

Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.

References

http://www.securityfocus.com/archive/1/538401/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://www.bugzilla.org/security/4.4.11/

x_refsource_CONFIRM

http://www.securitytracker.com/id/1035891

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 12, 2017
Vulnerability Reserved
Mar 1, 2016