CVE-2007-4543 Information

Description

Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4 2.22.x before 2.22.3 and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the \guided form.\

Reference

http://osvdb.org/37201 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4/ http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386942 https://exchange.xforce.ibmcloud.com/vulnerabilities/36241