← Back

CVE-2013-1743

nvd nist
Published: Oct 24, 2013Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.

Affected (19)

Products: Mozilla: Bugzilla
Mozilla
1 product
Bugzilla
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Bugzilla
Version 4.1.1
Bugzilla
Version 4.1.2
Bugzilla
Version 4.1.3
Bugzilla
Version 4.1
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Bugzilla
Version 4.3.1
Bugzilla
Version 4.3.2
Bugzilla
Version 4.3.3
Bugzilla
Version 4.3
Configuration C
8 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Bugzilla
Version 4.2.1
Bugzilla
Version 4.2.2
Bugzilla
Version 4.2.3
Bugzilla
Version 4.2.4
Bugzilla
Version 4.2.5
Bugzilla
Version 4.2
Bugzilla
Version 4.2 rc1
Bugzilla
Version 4.2 rc2
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Bugzilla
Version 4.4
Bugzilla
Version 4.4 rc1
Bugzilla
Version 4.4 rc2

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.