CVE-2015-8508

Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
mozillabugzilla
2.0
mozillabugzilla
2.2
mozillabugzilla
2.4
mozillabugzilla
2.6
mozillabugzilla
2.8
mozillabugzilla
2.10
mozillabugzilla
2.12
mozillabugzilla
2.14
mozillabugzilla
2.14.1
mozillabugzilla
2.14.2
mozillabugzilla
2.14.3
mozillabugzilla
2.14.4
mozillabugzilla
2.14.5
mozillabugzilla
2.16
mozillabugzilla
2.16.1
mozillabugzilla
2.16.2
mozillabugzilla
2.16.3
mozillabugzilla
2.16.4
mozillabugzilla
2.16.5
mozillabugzilla
2.16.6
mozillabugzilla
2.16.7
mozillabugzilla
2.16.8
mozillabugzilla
2.16.9
mozillabugzilla
2.16.10
mozillabugzilla
2.16.11
mozillabugzilla
2.18
mozillabugzilla
2.18.1
mozillabugzilla
2.18.2
mozillabugzilla
2.18.3
mozillabugzilla
2.18.4
mozillabugzilla
2.18.5
mozillabugzilla
2.18.6
mozillabugzilla
2.20
mozillabugzilla
2.20.1
mozillabugzilla
2.20.2
mozillabugzilla
2.20.3
mozillabugzilla
2.20.4
mozillabugzilla
2.20.5
mozillabugzilla
2.20.6
mozillabugzilla
2.20.7
mozillabugzilla
2.22
mozillabugzilla
2.22.1
mozillabugzilla
2.22.2
mozillabugzilla
2.22.3
mozillabugzilla
2.22.4
mozillabugzilla
2.22.5
mozillabugzilla
2.22.6
mozillabugzilla
2.22.7
mozillabugzilla
3.0
mozillabugzilla
3.0.1
mozillabugzilla
3.0.2
mozillabugzilla
3.0.3
mozillabugzilla
3.0.4
mozillabugzilla
3.0.5
mozillabugzilla
3.0.6
mozillabugzilla
3.0.7
mozillabugzilla
3.0.8
mozillabugzilla
3.0.9
mozillabugzilla
3.0.10
mozillabugzilla
3.0.11
mozillabugzilla
3.2
mozillabugzilla
3.2.1
mozillabugzilla
3.2.2
mozillabugzilla
3.2.3
mozillabugzilla
3.2.4
mozillabugzilla
3.2.5
mozillabugzilla
3.2.6
mozillabugzilla
3.2.7
mozillabugzilla
3.2.8
mozillabugzilla
3.2.9
mozillabugzilla
3.2.10
mozillabugzilla
3.4
mozillabugzilla
3.4.1
mozillabugzilla
3.4.2
mozillabugzilla
3.4.3
mozillabugzilla
3.4.5
mozillabugzilla
3.4.6
mozillabugzilla
3.4.7
mozillabugzilla
3.4.8
mozillabugzilla
3.4.9
mozillabugzilla
3.4.10
mozillabugzilla
3.4.11
mozillabugzilla
3.4.12
mozillabugzilla
3.4.13
mozillabugzilla
3.4.14
mozillabugzilla
3.6
mozillabugzilla
3.6.1
mozillabugzilla
3.6.2
mozillabugzilla
3.6.3
mozillabugzilla
3.6.4
mozillabugzilla
3.6.5
mozillabugzilla
3.6.6
mozillabugzilla
3.6.7
mozillabugzilla
3.6.8
mozillabugzilla
3.6.9
mozillabugzilla
3.6.10
mozillabugzilla
3.6.11
mozillabugzilla
3.6.12
mozillabugzilla
3.6.13
mozillabugzilla
4.0
mozillabugzilla
4.0.1
mozillabugzilla
4.0.2
mozillabugzilla
4.0.3
mozillabugzilla
4.0.4
mozillabugzilla
4.0.5
mozillabugzilla
4.0.6
mozillabugzilla
4.0.7
mozillabugzilla
4.0.8
mozillabugzilla
4.0.9
mozillabugzilla
4.0.10
mozillabugzilla
4.0.11
mozillabugzilla
4.0.12
mozillabugzilla
4.0.13
mozillabugzilla
4.0.14
mozillabugzilla
4.0.15
mozillabugzilla
4.0.16
mozillabugzilla
4.0.17
mozillabugzilla
4.0.18
mozillabugzilla
4.2
mozillabugzilla
4.2.1
mozillabugzilla
4.2.2
mozillabugzilla
4.2.3
mozillabugzilla
4.2.4
mozillabugzilla
4.2.5
mozillabugzilla
4.2.6
mozillabugzilla
4.2.7
mozillabugzilla
4.2.8
mozillabugzilla
4.2.9
mozillabugzilla
4.2.10
mozillabugzilla
4.2.11
mozillabugzilla
4.2.12
mozillabugzilla
4.2.13
mozillabugzilla
4.2.14
mozillabugzilla
4.2.15
mozillabugzilla
4.4
mozillabugzilla
4.4.1
mozillabugzilla
4.4.2
mozillabugzilla
4.4.3
mozillabugzilla
4.4.4
mozillabugzilla
4.4.5
mozillabugzilla
4.4.6
mozillabugzilla
4.4.7
mozillabugzilla
4.4.8
mozillabugzilla
4.4.9
mozillabugzilla
4.4.10
mozillabugzilla
5.0
mozillabugzilla
5.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Information-Leak.html
http://seclists.org/bugtraq/2015/Dec/131
http://www.securityfocus.com/bid/79660
http://www.securitytracker.com/id/1034556
https://bugzilla.mozilla.org/show_bug.cgi?id=1221518
https://www.bugzilla.org/security/4.2.15/
http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Information-Leak.html
http://seclists.org/bugtraq/2015/Dec/131
http://www.securityfocus.com/bid/79660
http://www.securitytracker.com/id/1034556
https://bugzilla.mozilla.org/show_bug.cgi?id=1221518
https://www.bugzilla.org/security/4.2.15/