| |
Vulnerability CVE-2012-0466
Published: 2012-04-27 Modified: 2012-04-28
Description: |
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page. |
See advisories in our WLB2 database: | Topic | Author | Date |
High |
| Multiple | 20.04.2012 |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
4.9/10 |
4.9/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
High |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
None |
References: |
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|