 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2006-2420 |
| Description: | Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather due to design or documentation inconsistencies within RSS, or implementation vulnerabilities in RSS readers. While this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-2420 Bugtraq: 20051001 Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21 (Google Search) http://marc.info/?l=bugtraq&m=112818466125484&w=2 http://www.osvdb.org/23379 http://secunia.com/advisories/18979 XForce ISS Database: bugzilla-rss-title-xss(24820) https://exchange.xforce.ibmcloud.com/vulnerabilities/24820 |