CVE-2004-0705

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.

Impact & exploitability

AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: http://www.securityfocus.com/bid/10698 ↗

Additional information

• NVD record
• http://www.securityfocus.com/bid/10698Patch
• http://bugzilla.mozilla.org/show_bug.cgi?id=235265
• http://marc.info/?l=bugtraq&m=108965446813639&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16670