CVE-2006-5453

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5453
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

3.5 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/22409
http://secunia.com/advisories/22790
http://secunia.com/advisories/22826
http://security.gentoo.org/glsa/glsa-200611-04.xml
http://securityreason.com/securityalert/1760
http://securitytracker.com/id?1017063 Patch
http://www.bugzilla.org/security/2.18.5/
http://www.debian.org/security/2006/dsa-1208
http://www.osvdb.org/29544
http://www.osvdb.org/29545 Patch
http://www.osvdb.org/29549
http://www.securityfocus.com/archive/1/448777/100/100/threaded
http://www.securityfocus.com/bid/20538
http://www.vupen.com/english/advisories/2006/4035
https://bugzilla.mozilla.org/show_bug.cgi?id=206037 Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=330555 Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=355728 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/29610
https://exchange.xforce.ibmcloud.com/vulnerabilities/29619
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-10-23 17:07

Updated : 2023-12-10 10:40

NVD link : CVE-2006-5453

Mitre link : CVE-2006-5453

CVE.ORG link : CVE-2006-5453

JSON object : View

Products Affected

mozilla

  • bugzilla
CWE
NVD-CWE-Other