CVE-2008-2103 Information

Description

Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the \Format for Printing\ view or \Long Format\ bug list.

Reference

http://secunia.com/advisories/30064 http://secunia.com/advisories/30167 http://www.bugzilla.org/security/2.20.5/ http://www.securityfocus.com/bid/29038 http://www.securitytracker.com/id?1019967 http://www.vupen.com/english/advisories/2008/1428/references https://bugzilla.mozilla.org/show_bug.cgi?id=425665 https://exchange.xforce.ibmcloud.com/vulnerabilities/42216 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html