FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- cross-site scripting vulnerability

Affected packages
bugzilla < 2.16.8
2.17.* <= bugzilla < 2.18
ja-bugzilla < 2.16.8
2.17.* <= ja-bugzilla < 2.18

Details

VuXML ID 97c3a452-6e36-11d9-8324-000a95bc6fae
Discovery 2004-12-01
Entry 2005-01-24

A Bugzilla advisory states:

This advisory covers a single cross-site scripting issue that has recently been discovered and fixed in the Bugzilla code: If a malicious user links to a Bugzilla site using a specially crafted URL, a script in the error page generated by Bugzilla will display the URL unaltered in the page, allowing scripts embedded in the URL to execute.

References

CVE Name CVE-2004-1061
URL http://www.bugzilla.org/security/2.16.7-nr/
URL https://bugzilla.mozilla.org/show_bug.cgi?id=272620