CVE-2015-8509
3.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.1 / Impact: 1.4
Source: NVD
Description
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.
Affected (147)
References (12)
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
ExploitVendor Advisory
Source: security@mozilla.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.