CVE-2006-5453 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

Reference

http://secunia.com/advisories/22409
http://secunia.com/advisories/22790
http://secunia.com/advisories/22826
http://security.gentoo.org/glsa/glsa-200611-04.xml
http://securityreason.com/securityalert/1760
http://securitytracker.com/id?1017063
http://www.bugzilla.org/security/2.18.5/
http://www.debian.org/security/2006/dsa-1208
http://www.osvdb.org/29544
http://www.osvdb.org/29545
http://www.osvdb.org/29549
http://www.securityfocus.com/archive/1/448777/100/100/threaded
http://www.securityfocus.com/bid/20538
http://www.vupen.com/english/advisories/2006/4035
https://bugzilla.mozilla.org/show_bug.cgi?id=206037
https://bugzilla.mozilla.org/show_bug.cgi?id=330555
https://bugzilla.mozilla.org/show_bug.cgi?id=355728
https://exchange.xforce.ibmcloud.com/vulnerabilities/29610
https://exchange.xforce.ibmcloud.com/vulnerabilities/29619
