7.5
CVE-2002-0807
- EPSS 1.3%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.3% | 0.668 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
http://www.securityfocus.com/bid/4964
http://bugzilla.mozilla.org/show_bug.cgi?id=146447
http://www.iss.net/security_center/static/9304.php