CVE-2012-4189

Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
mozillabugzilla
4.1
mozillabugzilla
4.1.1
mozillabugzilla
4.1.2
mozillabugzilla
4.1.3
mozillabugzilla
4.2
mozillabugzilla
4.2:rc1
mozillabugzilla
4.2:rc2
mozillabugzilla
4.2.1
mozillabugzilla
4.2.2
mozillabugzilla
4.2.3
mozillabugzilla
4.3
mozillabugzilla
4.3.1
mozillabugzilla
4.3.2
mozillabugzilla
4.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://www.bugzilla.org/security/3.6.11/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
http://www.bugzilla.org/security/3.6.11/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
https://bugzilla.mozilla.org/show_bug.cgi?id=790296