CVE-2003-0602

Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653
http://www.bugzilla.org/security/2.16.2/
http://www.securityfocus.com/bid/6861	Patch Vendor Advisory
http://www.securityfocus.com/bid/6868	Patch Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653
http://www.bugzilla.org/security/2.16.2/
http://www.securityfocus.com/bid/6861	Patch Vendor Advisory
http://www.securityfocus.com/bid/6868	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:bugzilla:2.16:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.3:::::::*

History

20 Nov 2024, 23:45

Type	Values Removed	Values Added
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653 -
References	~~() http://www.bugzilla.org/security/2.16.2/ -~~	() http://www.bugzilla.org/security/2.16.2/ -
References	~~() http://www.securityfocus.com/bid/6861 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/6861 - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/6868 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/6868 - Patch, Vendor Advisory

Information

Published : 2003-08-27 04:00

Updated : 2024-11-20 23:45

NVD link : CVE-2003-0602

Mitre link : CVE-2003-0602

CVE.ORG link : CVE-2003-0602

JSON object : View

Products Affected

mozilla

bugzilla

CWE

NVD-CWE-Other

{"id": "CVE-2003-0602", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-08-27T04:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653", "source": "cve@mitre.org"}, {"url": "http://www.bugzilla.org/security/2.16.2/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6861", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6868", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.bugzilla.org/security/2.16.2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/6861", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/6868", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs."}, {"lang": "es", "value": "M\u00faltiples vulnerabildades de secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.16.x anteriores a 2.16.3, y 2.17.x anteriores a 2.17.4, permite a atacantes remotos insertar HTML arbitrario o script web mediante (2) m\u00faltiples plantillas HTML rusas y alemanas por defecto, o (2) atributos ALT y NAME en etiquetas AREA como las usadas en la caracter\u00edstica de generaci\u00f3n de gr\u00e1ficos GraphViz de gr\u00e1ficos de depencias locales."}], "lastModified": "2024-11-20T23:45:07.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16D338E-C5BC-46E1-95DD-D9B0E25EE56E"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F19219-3AFD-4D8E-B02B-BFCBD1BC7C36"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B900D9A7-913A-4176-90CF-C7C3B09A4261"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B2FC5C7-B218-4B87-9805-F90AC0E7A281"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBCDA64F-C49A-4F5B-B285-4079D8E3A499"}, {"criteria": "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85ED3457-CC21-4DB3-931F-677F723E1B2A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}