3.5

CVE-2006-5453

EPSS 0.81%
Published 23.10.2006 17:07:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Bugzilla Version2.18

Mozilla ≫ Bugzilla Version2.18 Updaterc1

Mozilla ≫ Bugzilla Version2.18 Updaterc2

Mozilla ≫ Bugzilla Version2.18 Updaterc3

Mozilla ≫ Bugzilla Version2.18.1

Mozilla ≫ Bugzilla Version2.18.2

Mozilla ≫ Bugzilla Version2.18.3

Mozilla ≫ Bugzilla Version2.18.4

Mozilla ≫ Bugzilla Version2.18.5

Mozilla ≫ Bugzilla Version2.20

Mozilla ≫ Bugzilla Version2.20 Updaterc1

Mozilla ≫ Bugzilla Version2.20 Updaterc2

Mozilla ≫ Bugzilla Version2.20.1

Mozilla ≫ Bugzilla Version2.20.2

Mozilla ≫ Bugzilla Version2.22

Mozilla ≫ Bugzilla Version2.23

Mozilla ≫ Bugzilla Version2.23.1

Mozilla ≫ Bugzilla Version2.23.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.81%	0.732

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

http://secunia.com/advisories/22826

http://www.debian.org/security/2006/dsa-1208

http://secunia.com/advisories/22409

http://secunia.com/advisories/22790

http://security.gentoo.org/glsa/glsa-200611-04.xml

http://securityreason.com/securityalert/1760

http://securitytracker.com/id?1017063

Patch

http://www.bugzilla.org/security/2.18.5/

http://www.osvdb.org/29544

http://www.osvdb.org/29545

Patch

http://www.osvdb.org/29549

http://www.securityfocus.com/archive/1/448777/100/100/threaded

http://www.securityfocus.com/bid/20538

http://www.vupen.com/english/advisories/2006/4035

https://bugzilla.mozilla.org/show_bug.cgi?id=206037

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=330555

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=355728

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/29610

https://exchange.xforce.ibmcloud.com/vulnerabilities/29619

https://nvd.nist.gov/vuln/detail/CVE-2006-5453

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5453

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5453

EUVD