Back to search
CVE-2011-0048
Published: Jan 28, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
45982
vdb-entry
x_refsource_BID
43165
third-party-advisory
x_refsource_SECUNIA
http://www.bugzilla.org/security/3.2.9/
x_refsource_CONFIRM
FEDORA-2011-0741
vendor-advisory
x_refsource_FEDORA
ADV-2011-0271
vdb-entry
x_refsource_VUPEN
43033
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0207
vdb-entry
x_refsource_VUPEN
FEDORA-2011-0755
vendor-advisory
x_refsource_FEDORA
70704
vdb-entry
x_refsource_OSVDB
https://bugzilla.mozilla.org/show_bug.cgi?id=628034
x_refsource_CONFIRM
DSA-2322
vendor-advisory
x_refsource_DEBIAN
bugzilla-url-xss(65005)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now