CVE-2006-5453

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29619

https://exchange.xforce.ibmcloud.com/vulnerabilities/29610

https://bugzilla.mozilla.org/show_bug.cgi?id=355728

https://bugzilla.mozilla.org/show_bug.cgi?id=330555

https://bugzilla.mozilla.org/show_bug.cgi?id=206037

http://www.vupen.com/english/advisories/2006/4035

http://www.securityfocus.com/bid/20538

http://www.securityfocus.com/archive/1/448777/100/100/threaded

http://www.osvdb.org/29549

http://www.osvdb.org/29545

http://www.osvdb.org/29544

http://www.debian.org/security/2006/dsa-1208

http://www.bugzilla.org/security/2.18.5/

http://securitytracker.com/id?1017063

http://securityreason.com/securityalert/1760

http://security.gentoo.org/glsa/glsa-200611-04.xml

http://secunia.com/advisories/22826

http://secunia.com/advisories/22790

http://secunia.com/advisories/22409

Details

Source: Mitre, NVD

Published: 2006-10-23

Updated: 2018-10-17

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium