Cross-Site Scripting in Bugzilla Product by Mozilla
CVE-2016-2803

6.1MEDIUM

Key Information:

Vendor

Mozilla
Status
Bugzilla
Vendor
CVE Published:
12 April 2017

What is CVE-2016-2803?

A Cross-Site Scripting (XSS) vulnerability exists in Bugzilla's dependency graphs that can allow remote attackers to inject arbitrary web scripts or HTML into the application. This weakness affects versions from 2.16rc1 through 4.4.11, as well as 4.5.1 through 5.0.2, enabling potential exploitation of user data and impacting the integrity of the application. Users are advised to apply security patches and upgrade to the latest version to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/archive/1/538401/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://www.bugzilla.org/security/4.4.11/
x_refsource_CONFIRM
http://www.securitytracker.com/id/1035891
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-2803 : Cross-Site Scripting in Bugzilla Product by Mozilla