CVE-2013-1743 — Vulnetix

CVE-2013-1743 PUBLISHED CVSS 4.300000190734863 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.

EPSS 0.90% · 76.0th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

0.90%

76.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
mozilla	bugzilla	4.1, 4.1.1, 4.1.2

Timeline

Oct 9, 2013 PoC Published
Oct 24, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 17, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 1, 2023 EPSS Score
May 24, 2023 EPSS Score

References

https://bugzilla.mozilla.org/show_bug.cgi?id=924932 url
http://www.bugzilla.org/security/4.0.10/ url
https://nvd.nist.gov/vuln/detail/CVE-2013-1743 advisory
http://www.bugzilla.org/security/4.0.10 url

Open in Interactive Console →