4.3
CVE-2004-1061
- EPSS 1.03%
- Veröffentlicht 04.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.03% | 0.593 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html
http://www.mikx.de/index.php?p=6
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040
http://www.securityfocus.com/bid/12154
https://bugzilla.mozilla.org/show_bug.cgi?id=272620
https://exchange.xforce.ibmcloud.com/vulnerabilities/18728