Cross-site scripting vulnerability in Bugzilla allows remote execution of scripts via the full name field

Cross-site scripting vulnerability in Bugzilla allows remote execution of scripts via the full name field

CVE-2002-0807 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

Learn more about our User Device Pen Test.