Vulnerability Details CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=146447
- http://www.iss.net/security_center/static/9304.php
- http://www.securityfocus.com/bid/4964
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=146447
- http://www.iss.net/security_center/static/9304.php
- http://www.securityfocus.com/bid/4964