CVE-2002-0807 Information

Description

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2 and 2.16 before 2.16rc2 could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field which is not properly quoted by editusers.cgi.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=146447 http://www.iss.net/security_center/static/9304.php http://www.securityfocus.com/bid/4964