CVE-2006-5453
Vulnerability from cvelistv5
Published
2006-10-23 17:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bugzilla-h1h2-tags-xss(29610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29610"
},
{
"name": "22409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22409"
},
{
"name": "bugzilla-showdependencygraph(29619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29619"
},
{
"name": "1760",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=355728"
},
{
"name": "DSA-1208",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1208"
},
{
"name": "ADV-2006-4035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4035"
},
{
"name": "1017063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017063"
},
{
"name": "29545",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29545"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=206037"
},
{
"name": "20538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20538"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=330555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bugzilla.org/security/2.18.5/"
},
{
"name": "22790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22790"
},
{
"name": "29544",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29544"
},
{
"name": "GLSA-200611-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"
},
{
"name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"
},
{
"name": "22826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22826"
},
{
"name": "29549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bugzilla-h1h2-tags-xss(29610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29610"
},
{
"name": "22409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22409"
},
{
"name": "bugzilla-showdependencygraph(29619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29619"
},
{
"name": "1760",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=355728"
},
{
"name": "DSA-1208",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1208"
},
{
"name": "ADV-2006-4035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4035"
},
{
"name": "1017063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017063"
},
{
"name": "29545",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29545"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=206037"
},
{
"name": "20538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20538"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=330555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bugzilla.org/security/2.18.5/"
},
{
"name": "22790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22790"
},
{
"name": "29544",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29544"
},
{
"name": "GLSA-200611-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"
},
{
"name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"
},
{
"name": "22826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22826"
},
{
"name": "29549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bugzilla-h1h2-tags-xss(29610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29610"
},
{
"name": "22409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22409"
},
{
"name": "bugzilla-showdependencygraph(29619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29619"
},
{
"name": "1760",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1760"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=355728",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=355728"
},
{
"name": "DSA-1208",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1208"
},
{
"name": "ADV-2006-4035",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4035"
},
{
"name": "1017063",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017063"
},
{
"name": "29545",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29545"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=206037",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=206037"
},
{
"name": "20538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20538"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=330555",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=330555"
},
{
"name": "http://www.bugzilla.org/security/2.18.5/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.18.5/"
},
{
"name": "22790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22790"
},
{
"name": "29544",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29544"
},
{
"name": "GLSA-200611-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-04.xml"
},
{
"name": "20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448777/100/100/threaded"
},
{
"name": "22826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22826"
},
{
"name": "29549",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5453",
"datePublished": "2006-10-23T17:00:00",
"dateReserved": "2006-10-23T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDB99B2D-CA05-4BC0-BCA4-9B94DF248333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3635C0E9-2E43-4BAE-8267-2BB2F68B03BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4869A709-AF79-49BD-A7D2-D48A8D79A085\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAC72143-27C3-498F-AFAB-98AE043C0545\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE5E8E72-D493-460D-B5A0-F90C291398A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04885D31-09F3-455F-A1A9-815E182ABCF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F153300E-42CC-4BDD-88EC-E8A0ADB4E3B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BCD546-2A50-4F43-935C-B68459EE894E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C535BAB7-6146-440B-ADBD-51007585CFC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A749C7AB-6F60-469C-BD95-759205DDA345\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B45F6C27-D89A-42A0-A304-5B0C57D2A9F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"196B7CD8-D721-4CFB-B126-78758128E900\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEA9DE63-9951-4FE0-80BE-0F6F197303D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0CEDD02-1CB8-4D5B-B82B-E300B4E39065\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2969731-8256-431B-9356-4BC873D98F6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02846865-D124-4C72-85C8-59A7C6F43E2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B59422-ED6E-4F82-8D0C-091058D1C438\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F658844A-6253-4A18-8A5D-1E818BE7A367\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Bug\u003cilla 2.18.x anteriores a 2.18.6, 2.20.x anteriores a 2.20.3, 2.22.x anteriores a 2.22.1, y 2.23.x anteriores a 2.23.3 permiten a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\\u00f3n mediante (1) cabeceras de p\\u00e1gina usando las etiquetas HTML H1, H2, H3 en global/header.html.tmpl, (2) campos de descripci\\u00f3n de determinados objetos en varias secuencias de comandos cgi de edici\\u00f3n, y (3) el par\\u00e1metro id en showdependencygraph.cgi.\"}]",
"evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nMozilla, Bugzilla, 2.18.6\r\nMozilla, Bugzilla, 2.20.3\r\nMozilla, Bugzilla, 2.22.1\r\nMozilla, Bugzilla, 2.23.3",
"id": "CVE-2006-5453",
"lastModified": "2024-11-21T00:19:18.190",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2006-10-23T17:07:00.000",
"references": "[{\"url\": \"http://secunia.com/advisories/22409\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22790\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22826\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200611-04.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/1760\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017063\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.bugzilla.org/security/2.18.5/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1208\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/29544\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/29545\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/29549\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/448777/100/100/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20538\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4035\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=206037\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=330555\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=355728\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29610\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29619\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22409\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22790\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200611-04.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/1760\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017063\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.bugzilla.org/security/2.18.5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/29544\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/29545\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/29549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/448777/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20538\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4035\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=206037\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=330555\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=355728\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29610\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29619\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2006-5453\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-10-23T17:07:00.000\",\"lastModified\":\"2024-11-21T00:19:18.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Bug\u003cilla 2.18.x anteriores a 2.18.6, 2.20.x anteriores a 2.20.3, 2.22.x anteriores a 2.22.1, y 2.23.x anteriores a 2.23.3 permiten a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) cabeceras de p\u00e1gina usando las etiquetas HTML H1, H2, H3 en global/header.html.tmpl, (2) campos de descripci\u00f3n de determinados objetos en varias secuencias de comandos cgi de edici\u00f3n, y (3) el par\u00e1metro id en showdependencygraph.cgi.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDB99B2D-CA05-4BC0-BCA4-9B94DF248333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3635C0E9-2E43-4BAE-8267-2BB2F68B03BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4869A709-AF79-49BD-A7D2-D48A8D79A085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAC72143-27C3-498F-AFAB-98AE043C0545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE5E8E72-D493-460D-B5A0-F90C291398A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04885D31-09F3-455F-A1A9-815E182ABCF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F153300E-42CC-4BDD-88EC-E8A0ADB4E3B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BCD546-2A50-4F43-935C-B68459EE894E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C535BAB7-6146-440B-ADBD-51007585CFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A749C7AB-6F60-469C-BD95-759205DDA345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B45F6C27-D89A-42A0-A304-5B0C57D2A9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"196B7CD8-D721-4CFB-B126-78758128E900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEA9DE63-9951-4FE0-80BE-0F6F197303D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0CEDD02-1CB8-4D5B-B82B-E300B4E39065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2969731-8256-431B-9356-4BC873D98F6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02846865-D124-4C72-85C8-59A7C6F43E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B59422-ED6E-4F82-8D0C-091058D1C438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F658844A-6253-4A18-8A5D-1E818BE7A367\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/22409\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22790\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22826\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200611-04.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/1760\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017063\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.bugzilla.org/security/2.18.5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1208\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/29544\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/29545\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/29549\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/448777/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20538\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4035\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=206037\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=330555\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=355728\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29610\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29619\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200611-04.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/1760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.bugzilla.org/security/2.18.5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/29544\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/29545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/29549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/448777/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=206037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=330555\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=355728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29610\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29619\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"This vulnerability is addressed in the following product releases:\\r\\nMozilla, Bugzilla, 2.18.6\\r\\nMozilla, Bugzilla, 2.20.3\\r\\nMozilla, Bugzilla, 2.22.1\\r\\nMozilla, Bugzilla, 2.23.3\"}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.