CVE-2014-1573 in Bugzilla信息

摘要 (英语)

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

预定

2014-01-16

披露

2014-10-12

状态

已确认

条目

VulDB provides additional information and datapoints for this CVE:

标识符	漏洞	CWE	可利用	对策	CVE
67735	Mozilla Bugzilla 跨网站脚本	79	高	官方修复	CVE-2014-1573

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

来源

MITRE
NVD
CVE Details

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!