CVE-2004-0705 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi (2) editgroups.cgi (3) editmilestones.cgi (4) editproducts.cgi (5) editusers.cgi and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6 and 2.18 before 2.18rc1 allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=235265 http://marc.info/?l=bugtraq&m=108965446813639&w=2 http://www.securityfocus.com/bid/10698 https://exchange.xforce.ibmcloud.com/vulnerabilities/16670