ID de Prueba:	1.3.6.1.4.1.25623.1.0.106164
Categoría:	Web application abuses
Título:	Bugzilla Multiple Vulnerabilities
Resumen:	Bugzilla is prone to multiple vulnerabilities.
Descripción:	Summary: Bugzilla is prone to multiple vulnerabilities. Vulnerability Insight: Bugzilla is prone to multiple vulnerabilities: Cross-site scripting vulnerability in showdependencygraph.cgi when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary. (CVE-2015-8508) Template.pm does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code. (CVE-2015-8509) Vulnerability Impact: An attacker may obtain sensitive information or inject arbitrary web script or HTML. Affected Software/OS: Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 Solution: Upgrade to Version 4.2.16, 4.4.11, 5.0.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8508 BugTraq ID: 79660 http://www.securityfocus.com/bid/79660 Bugtraq: 20151222 Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 (Google Search) http://seclists.org/bugtraq/2015/Dec/131 http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Information-Leak.html http://www.securitytracker.com/id/1034556 Common Vulnerability Exposure (CVE) ID: CVE-2015-8509 BugTraq ID: 79662 http://www.securityfocus.com/bid/79662
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.