3.5
CVE-2006-5453
- EPSS 1.87%
- Veröffentlicht 23.10.2006 17:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.87% | 0.766 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
http://secunia.com/advisories/22826
http://www.debian.org/security/2006/dsa-1208
http://secunia.com/advisories/22409
http://secunia.com/advisories/22790
http://security.gentoo.org/glsa/glsa-200611-04.xml
http://securityreason.com/securityalert/1760
http://securitytracker.com/id?1017063
http://www.bugzilla.org/security/2.18.5/
http://www.osvdb.org/29544
http://www.osvdb.org/29545
http://www.osvdb.org/29549
http://www.securityfocus.com/archive/1/448777/100/100/threaded
http://www.securityfocus.com/bid/20538
http://www.vupen.com/english/advisories/2006/4035
https://bugzilla.mozilla.org/show_bug.cgi?id=206037
https://bugzilla.mozilla.org/show_bug.cgi?id=330555
https://bugzilla.mozilla.org/show_bug.cgi?id=355728
https://exchange.xforce.ibmcloud.com/vulnerabilities/29610
https://exchange.xforce.ibmcloud.com/vulnerabilities/29619