Vulnonym.org

CVE-2008-2103 - Thrombosed Goshawk

Description

Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the \Format for Printing\ view or \Long Format\ bug list.

Reference

http://www.bugzilla.org/security/2.20.5/ https://bugzilla.mozilla.org/show_bug.cgi?id=425665 http://www.securityfocus.com/bid/29038 http://www.securitytracker.com/id?1019967 http://secunia.com/advisories/30064 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html http://secunia.com/advisories/30167 http://www.vupen.com/english/advisories/2008/1428/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42216