Vulnerability CVE-2014-1572

Vulnerability CVE-2014-1572

Published: 2014-10-12 Modified: 2014-10-13

Description:

	Topic	Author	Date
Med.	Bugzilla Account Creation / XSS / Information Leak	Multiple	08.10.2014

Type:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Affected software
Mozilla -> Bugzilla
Fedoraproject -> Fedora

http://advisories.mageia.org/MGASA-2014-0412.html

http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141309.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141321.html

http://openwall.com/lists/oss-security/2014/10/07/20

http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html

http://www.bugzilla.org/security/4.0.14/

http://www.mandriva.com/security/advisories?name=MDVSA-2014:200

http://www.opennet.ru/opennews/art.shtml?num=40766

http://www.reddit.com/r/netsec/comments/2ihen0/new_class_of_vulnerability_in_perl_web/

http://www.securitytracker.com/id/1030978

https://bugzilla.mozilla.org/show_bug.cgi?id=1074812

https://security.gentoo.org/glsa/201607-11