CVE-2007-4543
Published: 27 August 2007
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
Priority
Status
Package | Release | Status |
---|---|---|
bugzilla Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(2.22.1-2.2ubuntu1)
|
|
hardy |
Released
(2.22.1-2.2ubuntu1)
|
|
intrepid |
Released
(2.22.1-2.2ubuntu1)
|
|
jaunty |
Released
(2.22.1-2.2ubuntu1)
|
|
karmic |
Released
(2.22.1-2.2ubuntu1)
|
|
upstream |
Needs triage
|