FKIE_CVE-2006-5453

Vulnerability from fkie_nvd - Published: 2006-10-23 17:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.
References
cve@mitre.orghttp://secunia.com/advisories/22409
cve@mitre.orghttp://secunia.com/advisories/22790
cve@mitre.orghttp://secunia.com/advisories/22826
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200611-04.xml
cve@mitre.orghttp://securityreason.com/securityalert/1760
cve@mitre.orghttp://securitytracker.com/id?1017063Patch
cve@mitre.orghttp://www.bugzilla.org/security/2.18.5/
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1208
cve@mitre.orghttp://www.osvdb.org/29544
cve@mitre.orghttp://www.osvdb.org/29545Patch
cve@mitre.orghttp://www.osvdb.org/29549
cve@mitre.orghttp://www.securityfocus.com/archive/1/448777/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/20538
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4035
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=206037Patch
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=330555Patch
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=355728Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29610
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29619
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22409
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22790
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22826
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200611-04.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1760
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017063Patch
af854a3a-2127-422b-91ae-364da2661108http://www.bugzilla.org/security/2.18.5/
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1208
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29544
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29545Patch
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29549
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/448777/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20538
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4035
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=206037Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=330555Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=355728Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29610
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29619
Impacted products
Vendor Product Version
mozilla bugzilla 2.18
mozilla bugzilla 2.18
mozilla bugzilla 2.18
mozilla bugzilla 2.18
mozilla bugzilla 2.18.1
mozilla bugzilla 2.18.2
mozilla bugzilla 2.18.3
mozilla bugzilla 2.18.4
mozilla bugzilla 2.18.5
mozilla bugzilla 2.20
mozilla bugzilla 2.20
mozilla bugzilla 2.20
mozilla bugzilla 2.20.1
mozilla bugzilla 2.20.2
mozilla bugzilla 2.22
mozilla bugzilla 2.23
mozilla bugzilla 2.23.1
mozilla bugzilla 2.23.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDB99B2D-CA05-4BC0-BCA4-9B94DF248333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3635C0E9-2E43-4BAE-8267-2BB2F68B03BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4869A709-AF79-49BD-A7D2-D48A8D79A085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EAC72143-27C3-498F-AFAB-98AE043C0545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5E8E72-D493-460D-B5A0-F90C291398A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04885D31-09F3-455F-A1A9-815E182ABCF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F153300E-42CC-4BDD-88EC-E8A0ADB4E3B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BCD546-2A50-4F43-935C-B68459EE894E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C535BAB7-6146-440B-ADBD-51007585CFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A749C7AB-6F60-469C-BD95-759205DDA345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B45F6C27-D89A-42A0-A304-5B0C57D2A9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "196B7CD8-D721-4CFB-B126-78758128E900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEA9DE63-9951-4FE0-80BE-0F6F197303D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CEDD02-1CB8-4D5B-B82B-E300B4E39065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2969731-8256-431B-9356-4BC873D98F6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "02846865-D124-4C72-85C8-59A7C6F43E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B59422-ED6E-4F82-8D0C-091058D1C438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F658844A-6253-4A18-8A5D-1E818BE7A367",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Bug\u003cilla 2.18.x anteriores a 2.18.6, 2.20.x anteriores a 2.20.3, 2.22.x anteriores a 2.22.1, y 2.23.x anteriores a 2.23.3 permiten a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) cabeceras de p\u00e1gina usando las etiquetas HTML H1, H2, H3 en global/header.html.tmpl, (2) campos de descripci\u00f3n de determinados objetos en varias secuencias de comandos cgi de edici\u00f3n, y (3) el par\u00e1metro id en showdependencygraph.cgi."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nMozilla, Bugzilla, 2.18.6\r\nMozilla, Bugzilla, 2.20.3\r\nMozilla, Bugzilla, 2.22.1\r\nMozilla, Bugzilla, 2.23.3",
  "id": "CVE-2006-5453",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-23T17:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22790"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22826"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1760"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017063"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.bugzilla.org/security/2.18.5/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1208"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29544"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/29545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20538"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4035"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=206037"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=330555"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=355728"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29610"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.bugzilla.org/security/2.18.5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/29545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=206037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=330555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=355728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29619"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.