Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bugzilla跨站请求伪造漏洞
Vulnerability Description
Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统,它可管理软件开发中缺陷的提交(new)、修复(resolve)、关闭(close)等整个生命周期。 Bugzilla中存在跨站请求伪造漏洞,该漏洞源于应用程序允许用户借助HTTP请求,且在没有对这些请求执行正确有效性检查的情况下,执行某些操作。攻击者可利用该漏洞导致例如:通过欺骗登录的管理员去访问恶意网站,泄露某些关于私人漏洞报告的信息。以下版本中存在该漏洞:2.17.4至3.6.8版本,3.7.1至4.0.5版本和4.1.1至4.2
CVSS Information
N/A
Vulnerability Type
N/A