Mozilla Bugzilla version 2.16.3 : Security vulnerabilities, CVEs published in 2016

cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*

Copy

CVE-2015-8509

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.

Max CVSS

4.3

EPSS Score

0.24%

Published

2016-01-03

Updated

2016-12-07

CVE-2015-8508

Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary.

Max CVSS

4.7

EPSS Score

0.31%

Published

2016-01-03

Updated

2016-12-07

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!