Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities

Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.


Copyright 2010, SecurityFocus