Back to search
CVE-2010-4567
Published: Jan 28, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
45982
vdb-entry
x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=619588
x_refsource_CONFIRM
43165
third-party-advisory
x_refsource_SECUNIA
http://www.bugzilla.org/security/3.2.9/
x_refsource_CONFIRM
FEDORA-2011-0741
vendor-advisory
x_refsource_FEDORA
ADV-2011-0271
vdb-entry
x_refsource_VUPEN
43033
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0207
vdb-entry
x_refsource_VUPEN
FEDORA-2011-0755
vendor-advisory
x_refsource_FEDORA
DSA-2322
vendor-advisory
x_refsource_DEBIAN
70699
vdb-entry
x_refsource_OSVDB
bugzilla-urlfield-xss(65004)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now