CVE-2004-1061: XSS
First published: Fri Dec 31 2004(Updated: )
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =2.16.8 | |
| Mozilla Bugzilla | =2.17.6 | |
| Mozilla Bugzilla | =2.16.1 | |
| Mozilla Bugzilla | =2.16.2 | |
| Mozilla Bugzilla | =2.16.11 | |
| Mozilla Bugzilla | =2.17.4 | |
| Mozilla Bugzilla | =2.17.1 | |
| Mozilla Bugzilla | =2.16.9 | |
| Mozilla Bugzilla | =2.16.7 | |
| Mozilla Bugzilla | =2.17.5 | |
| Mozilla Bugzilla | =2.17.3 | |
| Mozilla Bugzilla | =2.16.4 | |
| Mozilla Bugzilla | =2.16.3 | |
| Mozilla Bugzilla | =2.17.7 | |
| Mozilla Bugzilla | =2.17 | |
| Mozilla Bugzilla | =2.16.6 | |
| Mozilla Bugzilla | =2.16.5 | |
| Mozilla Bugzilla | =2.16.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html
- http://www.mikx.de/index.php?p=6
- https://bugzilla.mozilla.org/show_bug.cgi?id=272620
- http://www.securityfocus.com/bid/12154
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18728
Frequently Asked Questions
What is the severity of CVE-2004-1061?
CVE-2004-1061 is classified as a medium severity Cross-site scripting (XSS) vulnerability.
How do I fix CVE-2004-1061?
To fix CVE-2004-1061, users should upgrade Bugzilla to version 2.18 or higher.
Which versions of Bugzilla are affected by CVE-2004-1061?
CVE-2004-1061 affects Bugzilla versions prior to 2.18, including 2.16.x before 2.16.11.
What types of attacks does CVE-2004-1061 enable?
CVE-2004-1061 enables attackers to inject arbitrary HTML and web scripts through forced error messages.
Is CVE-2004-1061 being actively exploited?
While CVE-2004-1061 is an older vulnerability, it remains important to apply patches as outdated software may still be targeted.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/2.16.8
- version/mozilla bugzilla/2.17.6
- version/mozilla bugzilla/2.16.1
- version/mozilla bugzilla/2.16.2
- version/mozilla bugzilla/2.16.11
- version/mozilla bugzilla/2.17.4
- version/mozilla bugzilla/2.17.1
- version/mozilla bugzilla/2.16.9
- version/mozilla bugzilla/2.16.7
- version/mozilla bugzilla/2.17.5
- version/mozilla bugzilla/2.17.3
- version/mozilla bugzilla/2.16.4
- version/mozilla bugzilla/2.16.3
- version/mozilla bugzilla/2.17.7
- version/mozilla bugzilla/2.17
- version/mozilla bugzilla/2.16.6
- version/mozilla bugzilla/2.16.5
- version/mozilla bugzilla/2.16.10