CVE-2002-0807
First published: Wed Jul 31 2002(Updated: )
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =2.16-rc1 | |
| Mozilla Bugzilla | =2.16 | |
| Mozilla Bugzilla | =2.14.1 | |
| Mozilla Bugzilla | =2.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0807?
CVE-2002-0807 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2002-0807?
To fix CVE-2002-0807, update Bugzilla to version 2.14.2 or later, or 2.16rc2 or later.
What software versions are affected by CVE-2002-0807?
CVE-2002-0807 affects Bugzilla versions 2.14, 2.14.1, and 2.16 up to 2.16rc1.
What is the impact of CVE-2002-0807?
The impact of CVE-2002-0807 includes the possibility for remote attackers to execute scripts in the context of other Bugzilla users.
Is CVE-2002-0807 still a concern today?
While CVE-2002-0807 is old, if you are using an outdated version of Bugzilla, it remains a significant concern.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/tags
- agent/remedy
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/2.16-rc1
- version/mozilla bugzilla/2.16
- version/mozilla bugzilla/2.14.1
- version/mozilla bugzilla/2.14