Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Bugzilla跨站脚本攻击漏洞
Vulnerability Description
Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统,它可管理软件开发中缺陷的提交(new)、修复(resolve)、关闭(close)等整个生命周期。 Bugzilla 3.2.10之前版本,3.4.10之前的3.4.x版本,3.6.4之前的3.6.x版本,以及4.0rc2之前的4.0.x版本没有正确处理在(1)javascript:或者(2)data:URI之前的空白,远程攻击者可以借助URL(又名bug_file_loc)字段进行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A