Every CVE whose affected-product data names Mozilla Bugzilla, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (145)
CVE-2002-0007 — CVSS 10.0 (critical): CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request…
CVE-2003-1043 — CVSS 10.0 (critical): SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords…
CVE-2003-1042 — CVSS 10.0 (critical): SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts…
CVE-2004-0769 — CVSS 10.0 (critical): Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive…
CVE-2018-5123 — CVSS 8.8 (high): A third party website can access information available to a user with access to a restricted bug entry using the image generation in…
CVE-2001-1403 — CVSS 7.5 (high): Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information…
CVE-2001-1404 — CVSS 7.5 (high): Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to…
CVE-2001-1407 — CVSS 7.5 (high): Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which…
CVE-2002-0008 — CVSS 7.5 (high): Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who"…
CVE-2006-0915 — CVSS 7.5 (high): Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in…
CVE-2002-0010 — CVSS 7.5 (high): Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter…
CVE-2002-0804 — CVSS 7.5 (high): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP…
CVE-2015-4499 — CVSS 7.5 (high): Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses…
CVE-2006-0916 — CVSS 7.5 (high): Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause…
CVE-2001-0330 — CVSS 7.5 (high): Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request…
CVE-2001-1401 — CVSS 7.5 (high): Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions…
CVE-2001-1402 — CVSS 7.5 (high): Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities…
CVE-2002-1198 — CVSS 7.5 (high): Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote…
CVE-2003-0013 — CVSS 7.5 (high): The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames…
CVE-2010-4568 — CVSS 7.5 (high): Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does…
CVE-2003-1044 — CVSS 7.5 (high): editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group…
CVE-2003-1046 — CVSS 7.5 (high): describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows…
CVE-2009-3165 — CVSS 7.5 (high): SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through…
CVE-2004-0703 — CVSS 7.5 (high): Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to…
CVE-2009-3125 — CVSS 7.5 (high): SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to…
CVE-2004-0707 — CVSS 7.5 (high): SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with…
CVE-2009-0486 — CVSS 7.5 (high): Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to…
CVE-2005-1564 — CVSS 7.5 (high): post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are…
CVE-2007-5038 — CVSS 7.5 (high): The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the…
CVE-2007-0792 — CVSS 7.5 (high): The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to…
CVE-2005-4534 — CVSS 7.5 (high): The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink…
CVE-2001-0329 — CVSS 7.5 (high): Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1)…
CVE-2000-0421 — CVSS 7.5 (high): The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2002-0807 — CVSS 7.5 (high): Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute…
CVE-2002-0808 — CVSS 7.5 (high): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the…
CVE-2002-0809 — CVSS 7.5 (high): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers…
CVE-2002-0811 — CVSS 7.5 (high): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries…
CVE-2002-1196 — CVSS 7.5 (high): editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47…
CVE-2002-1197 — CVSS 7.5 (high): bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via…
CVE-2008-4437 — CVSS 7.1 (high): Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows…
CVE-2011-3669 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to…
CVE-2009-1213 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions…
CVE-2013-1733 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the…
CVE-2011-3668 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to…
CVE-2011-3667 — CVSS 6.8 (medium): The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x…
CVE-2011-0046 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x…
CVE-2003-0602 — CVSS 6.8 (medium): Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to…
CVE-2013-1734 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before…
CVE-2010-2757 — CVSS 6.5 (medium): The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send…
CVE-2014-8630 — CVSS 6.5 (medium): Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated…
CVE-2016-2803 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote…
CVE-2009-0483 — CVSS 5.8 (medium): Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2…
CVE-2009-0482 — CVSS 5.8 (medium): Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows…
CVE-2009-0485 — CVSS 5.8 (medium): Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows…
CVE-2009-0484 — CVSS 5.8 (medium): Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote…
CVE-2006-0914 — CVSS 5.5 (medium): Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in…
CVE-2006-0913 — CVSS 5.5 (medium): SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with…
CVE-2012-0440 — CVSS 5.1 (medium): Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and…
CVE-2012-0453 — CVSS 5.1 (medium): Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is…
CVE-2010-3764 — CVSS 5.0 (medium): The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in…
CVE-2002-0810 — CVSS 5.0 (medium): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could…
CVE-2007-4539 — CVSS 5.0 (medium): The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs…
CVE-2006-5454 — CVSS 5.0 (medium): Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1)…
CVE-2005-3138 — CVSS 5.0 (medium): Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of…
CVE-2011-2979 — CVSS 5.0 (medium): Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which…
CVE-2002-0009 — CVSS 5.0 (medium): show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the…
CVE-2002-0011 — CVSS 5.0 (medium): Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.
CVE-2011-2380 — CVSS 5.0 (medium): Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x…
CVE-2014-1572 — CVSS 5.0 (medium): The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and…
CVE-2002-0803 — CVSS 5.0 (medium): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct…
CVE-2011-2978 — CVSS 5.0 (medium): Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x…
CVE-2010-2758 — CVSS 5.0 (medium): Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending…
CVE-2007-4538 — CVSS 5.0 (medium): email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the…
CVE-2013-0786 — CVSS 5.0 (medium): The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different…
CVE-2012-5884 — CVSS 5.0 (medium): The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the…
CVE-2005-2173 — CVSS 5.0 (medium): The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is…
CVE-2005-1565 — CVSS 5.0 (medium): Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password…
CVE-2005-1563 — CVSS 5.0 (medium): Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which…
CVE-2004-1634 — CVSS 5.0 (medium): show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows…
CVE-2004-1633 — CVSS 5.0 (medium): process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows…
CVE-2012-4747 — CVSS 5.0 (medium): Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially…
CVE-2004-0702 — CVSS 5.0 (medium): DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could…
CVE-2009-3166 — CVSS 5.0 (medium): token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a…
CVE-2009-3386 — CVSS 5.0 (medium): Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading…
CVE-2009-3387 — CVSS 5.0 (medium): Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to…
CVE-2005-3139 — CVSS 5.0 (medium): Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names…
CVE-2012-4197 — CVSS 5.0 (medium): Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4…
CVE-2010-1204 — CVSS 5.0 (medium): Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially…
CVE-2012-3981 — CVSS 5.0 (medium): Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before…
CVE-2010-2756 — CVSS 5.0 (medium): Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to…
CVE-2003-1045 — CVSS 5.0 (medium): votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user…
CVE-2015-8508 — CVSS 4.7 (medium): Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before…
CVE-2002-0805 — CVSS 4.6 (medium): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the…
CVE-2013-1743 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1…
CVE-2007-0791 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows…
CVE-2007-4543 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1…
CVE-2008-2103 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via…
CVE-2004-1061 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject…
CVE-2009-3989 — CVSS 4.3 (medium): Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that…
CVE-2010-4567 — CVSS 4.3 (medium): Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a…
CVE-2010-4569 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script…
CVE-2010-4570 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote…
CVE-2010-4572 — CVSS 4.3 (medium): CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2…
CVE-2011-0048 — CVSS 4.3 (medium): Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or…
CVE-2011-2379 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before…
CVE-2011-2381 — CVSS 4.3 (medium): CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x…
CVE-2011-2976 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote…
CVE-2011-3657 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x…
CVE-2002-2260 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject…
CVE-2012-0465 — CVSS 4.3 (medium): Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is…
CVE-2012-1968 — CVSS 4.3 (medium): Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during…
CVE-2012-1969 — CVSS 4.3 (medium): The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before…
CVE-2012-4189 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote…
CVE-2012-4199 — CVSS 4.3 (medium): template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and…
CVE-2012-5883 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and…
CVE-2013-0785 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before…
CVE-2013-1742 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x…
CVE-2006-2420 — CVSS 4.3 (medium): Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a…
CVE-2014-1546 — CVSS 4.3 (medium): The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and…
CVE-2014-1573 — CVSS 4.3 (medium): Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not…
CVE-2008-6098 — CVSS 4.0 (medium): Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote…
CVE-2012-4198 — CVSS 4.0 (medium): The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and…
CVE-2008-2104 — CVSS 4.0 (medium): The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via…
CVE-2012-0466 — CVSS 4.0 (medium): template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1…
CVE-2012-0448 — CVSS 4.0 (medium): Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not…
CVE-2010-2759 — CVSS 4.0 (medium): Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly…
CVE-2014-1517 — CVSS 4.0 (medium): The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but…
CVE-2014-1571 — CVSS 4.0 (medium): Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote…
CVE-2006-5453 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and…
CVE-2009-0481 — CVSS 3.5 (low): Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct…
CVE-2008-2105 — CVSS 3.5 (low): email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the…
CVE-2015-8509 — CVSS 3.5 (low): Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly…
CVE-2010-3172 — CVSS 2.6 (low): CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is…
CVE-2006-5455 — CVSS 2.6 (low): Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted…
CVE-2005-2174 — CVSS 2.6 (low): Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which…
CVE-2011-2977 — CVSS 2.1 (low): Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated…
CVE-2001-1405 — CVSS 2.1 (low): Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption)…
CVE-2004-0706 — CVSS 2.1 (low): Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server…
CVE-2008-7292 — CVSS 2.1 (low): Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with…
CVE-2003-0012 — CVSS 2.1 (low): The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable…
CVE-2003-0603 — CVSS 2.1 (low): Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink…
CVE-2002-0806 — CVSS 2.1 (low): Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly…
CVE-2001-1406 — CVSS 2.1 (low): process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the…
CVE-2010-0180 — CVSS 1.9 (low): Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the…
CVE-2010-2470 — CVSS 1.9 (low): Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions…