CVE-2014-1573 : Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x a

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

Published 2014-10-13 01:55:07

Updated 2016-11-28 19:10:49

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2014-1573

Mozilla » Bugzilla » Version: 2.8
cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.4
cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.6
cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.10
cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.12
cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.14
cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.14.1
cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16
cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16 Update RC1
cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.14.2
cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.14.3
cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.14.4
cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.14.5
cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.5
cpe:2.3:a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.6
cpe:2.3:a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17.3
cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17.4
cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.2
cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.3
cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.4
cpe:2.3:a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17
cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17.1
cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.10
cpe:2.3:a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.11
cpe:2.3:a:mozilla:bugzilla:2.16.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.9
cpe:2.3:a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17.7
cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.1
cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.7
cpe:2.3:a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16.8
cpe:2.3:a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17.5
cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17.6
cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.9
cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18 Update RC1
cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18 Update RC2
cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.19
cpe:2.3:a:mozilla:bugzilla:2.19:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18
cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.1
cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.19.1
cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.19.2
cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.19.3
cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18 Update RC3
cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.2
cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.3
cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20 Update RC1
cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20 Update RC2
cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.21
cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.21.1
cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.4
cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20
cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.21.2
cpe:2.3:a:mozilla:bugzilla:2.21.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.5
cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22
cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20.1
cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20.2
cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.23
cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.23.1
cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.23.2
cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22 Update RC1
cpe:2.3:a:mozilla:bugzilla:2.22:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22.1
cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20.3
cpe:2.3:a:mozilla:bugzilla:2.20.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.23.3
cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.23.4
cpe:2.3:a:mozilla:bugzilla:2.23.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.0
cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22.2
cpe:2.3:a:mozilla:bugzilla:2.22.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.1.1
cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.1
cpe:2.3:a:mozilla:bugzilla:3.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.1.0
cpe:2.3:a:mozilla:bugzilla:3.1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.17.2
cpe:2.3:a:mozilla:bugzilla:2.17.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.3
cpe:2.3:a:mozilla:bugzilla:3.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.4
cpe:2.3:a:mozilla:bugzilla:3.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0 Rc1
cpe:2.3:a:mozilla:bugzilla:3.0_rc1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20.4
cpe:2.3:a:mozilla:bugzilla:2.20.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20.5
cpe:2.3:a:mozilla:bugzilla:2.20.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.1.3
cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.1.4
cpe:2.3:a:mozilla:bugzilla:3.1.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.6
cpe:2.3:a:mozilla:bugzilla:2.18.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.1.2
cpe:2.3:a:mozilla:bugzilla:3.1.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20.6
cpe:2.3:a:mozilla:bugzilla:2.20.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22.3
cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22.4
cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.2
cpe:2.3:a:mozilla:bugzilla:3.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16 Rc2
cpe:2.3:a:mozilla:bugzilla:2.16_rc2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.9
cpe:2.3:a:mozilla:bugzilla:2.18.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.8
cpe:2.3:a:mozilla:bugzilla:2.18.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.7
cpe:2.3:a:mozilla:bugzilla:3.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2
cpe:2.3:a:mozilla:bugzilla:3.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.1
cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.3.1
cpe:2.3:a:mozilla:bugzilla:3.3.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.7
cpe:2.3:a:mozilla:bugzilla:2.18.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22.6
cpe:2.3:a:mozilla:bugzilla:2.22.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22.5
cpe:2.3:a:mozilla:bugzilla:2.22.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.6
cpe:2.3:a:mozilla:bugzilla:3.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.5
cpe:2.3:a:mozilla:bugzilla:3.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.3.2
cpe:2.3:a:mozilla:bugzilla:3.3.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0
cpe:2.3:a:mozilla:bugzilla:3.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.20.7
cpe:2.3:a:mozilla:bugzilla:2.20.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2 Update RC2
cpe:2.3:a:mozilla:bugzilla:3.2:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.18.6+
cpe:2.3:a:mozilla:bugzilla:2.18.6\+:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0 Update RC1
cpe:2.3:a:mozilla:bugzilla:3.0:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2 Update RC1
cpe:2.3:a:mozilla:bugzilla:3.2:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.2
cpe:2.3:a:mozilla:bugzilla:3.2.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.3
cpe:2.3:a:mozilla:bugzilla:3.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.3.3
cpe:2.3:a:mozilla:bugzilla:3.3.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.5
cpe:2.3:a:mozilla:bugzilla:3.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4
cpe:2.3:a:mozilla:bugzilla:3.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.3.4
cpe:2.3:a:mozilla:bugzilla:3.3.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.1
cpe:2.3:a:mozilla:bugzilla:3.4.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.8
cpe:2.3:a:mozilla:bugzilla:3.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4 Update RC1
cpe:2.3:a:mozilla:bugzilla:3.4:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.4
cpe:2.3:a:mozilla:bugzilla:3.2.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.3
cpe:2.3:a:mozilla:bugzilla:3.2.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.2
cpe:2.3:a:mozilla:bugzilla:3.4.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.3
cpe:2.3:a:mozilla:bugzilla:3.4.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.5.1
cpe:2.3:a:mozilla:bugzilla:3.5.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.4
cpe:2.3:a:mozilla:bugzilla:3.4.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.5.2
cpe:2.3:a:mozilla:bugzilla:3.5.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.9
cpe:2.3:a:mozilla:bugzilla:3.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.2
cpe:2.3:a:mozilla:bugzilla:2.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.5
cpe:2.3:a:mozilla:bugzilla:3.2.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.22.7
cpe:2.3:a:mozilla:bugzilla:2.22.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.16 Update RC2
cpe:2.3:a:mozilla:bugzilla:2.16:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.0
cpe:2.3:a:mozilla:bugzilla:2.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6
cpe:2.3:a:mozilla:bugzilla:3.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.5.3
cpe:2.3:a:mozilla:bugzilla:3.5.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.7
cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.10
cpe:2.3:a:mozilla:bugzilla:3.0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.6
cpe:2.3:a:mozilla:bugzilla:3.2.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.5
cpe:2.3:a:mozilla:bugzilla:3.4.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.6
cpe:2.3:a:mozilla:bugzilla:3.4.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.0.11
cpe:2.3:a:mozilla:bugzilla:3.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.1
cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.7.1
cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6 Update RC1
cpe:2.3:a:mozilla:bugzilla:3.6:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.7
cpe:2.3:a:mozilla:bugzilla:3.4.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.7.2
cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.7
cpe:2.3:a:mozilla:bugzilla:3.2.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.8
cpe:2.3:a:mozilla:bugzilla:3.4.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.2
cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0
cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.0
cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.8
cpe:2.3:a:mozilla:bugzilla:3.2.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.7.3
cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.1
cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.9
cpe:2.3:a:mozilla:bugzilla:3.4.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.3
cpe:2.3:a:mozilla:bugzilla:3.6.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0 Update RC1
cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.9
cpe:2.3:a:mozilla:bugzilla:3.2.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.10
cpe:2.3:a:mozilla:bugzilla:3.4.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.11
cpe:2.3:a:mozilla:bugzilla:3.4.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.2.10
cpe:2.3:a:mozilla:bugzilla:3.2.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.1.1
cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.1.2
cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.4
cpe:2.3:a:mozilla:bugzilla:3.6.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0 Update RC2
cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.5
cpe:2.3:a:mozilla:bugzilla:3.6.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0.1
cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.12
cpe:2.3:a:mozilla:bugzilla:3.4.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.1.3
cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 2.21.2 Update RC1
cpe:2.3:a:mozilla:bugzilla:2.21.2:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.6
cpe:2.3:a:mozilla:bugzilla:3.6.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.7
cpe:2.3:a:mozilla:bugzilla:3.6.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2 Update RC1
cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.4.13
cpe:2.3:a:mozilla:bugzilla:3.4.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2 Update RC2
cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.8
cpe:2.3:a:mozilla:bugzilla:3.6.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2
cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.1
cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.3
cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.3.1
cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.9
cpe:2.3:a:mozilla:bugzilla:3.6.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.10
cpe:2.3:a:mozilla:bugzilla:3.6.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.2
cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.3.2
cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.3
cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.3.3
cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.11
cpe:2.3:a:mozilla:bugzilla:3.6.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.4
cpe:2.3:a:mozilla:bugzilla:4.2.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4 Update RC1
cpe:2.3:a:mozilla:bugzilla:4.4:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4 Update RC2
cpe:2.3:a:mozilla:bugzilla:4.4:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4
cpe:2.3:a:mozilla:bugzilla:4.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.12
cpe:2.3:a:mozilla:bugzilla:3.6.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 3.6.13
cpe:2.3:a:mozilla:bugzilla:3.6.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0.10
cpe:2.3:a:mozilla:bugzilla:4.0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.5
cpe:2.3:a:mozilla:bugzilla:4.2.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.5.1
cpe:2.3:a:mozilla:bugzilla:4.5.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.5.2
cpe:2.3:a:mozilla:bugzilla:4.5.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.6
cpe:2.3:a:mozilla:bugzilla:4.2.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.7
cpe:2.3:a:mozilla:bugzilla:4.2.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4.4
cpe:2.3:a:mozilla:bugzilla:4.4.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.5
cpe:2.3:a:mozilla:bugzilla:4.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.5.3
cpe:2.3:a:mozilla:bugzilla:4.5.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.5.4
cpe:2.3:a:mozilla:bugzilla:4.5.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4.1
cpe:2.3:a:mozilla:bugzilla:4.4.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4.2
cpe:2.3:a:mozilla:bugzilla:4.4.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.8
cpe:2.3:a:mozilla:bugzilla:4.2.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.9
cpe:2.3:a:mozilla:bugzilla:4.2.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0.13
cpe:2.3:a:mozilla:bugzilla:4.0.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4.3
cpe:2.3:a:mozilla:bugzilla:4.4.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0.12
cpe:2.3:a:mozilla:bugzilla:4.0.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0.11
cpe:2.3:a:mozilla:bugzilla:4.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.4.5
cpe:2.3:a:mozilla:bugzilla:4.4.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.5.5
cpe:2.3:a:mozilla:bugzilla:4.5.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.2.10
cpe:2.3:a:mozilla:bugzilla:4.2.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Bugzilla » Version: 4.0.14
cpe:2.3:a:mozilla:bugzilla:4.0.14:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 21
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-1573

Top countries where our scanners detected CVE-2014-1573

Top open port discovered on systems with this issue 21

IPs affected by CVE-2014-1573 1

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-1573!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-1573

EPSS FAQ

0.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 72 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1573

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-1573

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1573

http://www.opennet.ru/opennews/art.shtml?num=40766

В Bugzilla устранена опасная уязвимость, открывшая новый вид атак на web-приложения

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141321.html

[SECURITY] Fedora 20 Update: bugzilla-4.2.11-1.fc20

CVEs referencing this url
http://www.securityfocus.com/bid/70257

Bugzilla CVE-2014-1573 Multiple Cross Site Scripting Vulnerabilities
http://www.reddit.com/r/netsec/comments/2ihen0/new_class_of_vulnerability_in_perl_web/

New Class of Vulnerability in Perl Web Applications : netsec

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2014:200

mandriva.com

CVEs referencing this url
http://advisories.mageia.org/MGASA-2014-0412.html

Mageia Advisory: MGASA-2014-0412 - Updated bugzilla packages fix security vulnerabilities

CVEs referencing this url
https://security.gentoo.org/glsa/201607-11

Bugzilla: Multiple vulnerabilities (GLSA 201607-11) — Gentoo security

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1075578

1075578 - (CVE-2014-1573) [SECURITY] Improper filtering of CGI arguments
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141309.html

[SECURITY] Fedora 19 Update: bugzilla-4.2.11-1.fc19

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html

[SECURITY] Fedora 21 Update: bugzilla-4.4.6-1.fc21

CVEs referencing this url
http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html

Bugzilla Account Creation / XSS / Information Leak ≈ Packet Storm

CVEs referencing this url
http://openwall.com/lists/oss-security/2014/10/07/20

oss-security - "New Class of Vulnerability in Perl Web Applications"

CVEs referencing this url
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

New Class of Vulnerability in Perl Web Applications | Hacking for Christ

CVEs referencing this url
http://www.securitytracker.com/id/1030978

Bugzilla Bugs Let Remote Users Create Unauthorized, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information - SecurityTracker

CVEs referencing this url
http://www.bugzilla.org/security/4.0.14/

4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory :: Bugzilla :: bugzilla.org
Vendor Advisory

CVEs referencing this url