VDB
GCVE-110-MAGEIA-2014-199
GCVE-110-MAGEIA-2014-199
Advisory Published
Updated bugzilla packages fix security vulnerabilities:
Cross-site request forgery (CSRF) vulnerability in process_bug.cgi
in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the
authentication of arbitrary users for requests that modify bugs via
vectors involving a midair-collision token (CVE-2013-1733).
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in
Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before
4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to
hijack the authentication of arbitrary users for requests that commit
an attachment change via an update action (CVE-2013-1734).
Multiple cross-site scripting (XSS) vulnerabilities in
editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11;
4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow
remote attackers to inject arbitrary web script or HTML via the (1)
id or (2) sortkey parameter (CVE-2013-1742).
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi
in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before
4.4.1 allow remote attackers to inject arbitrary web script or HTML
via a field value that is not properly handled during construction
of a tabular report, as demonstrated by the (1) summary or (2) real
name field. NOTE: this issue exists because of an incomplete fix
for CVE-2012-4189 (CVE-2013-1743).
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before
4.5.3 does not properly handle a correctly authenticated but unintended
login attempt, which makes it easier for remote authenticated users to
obtain sensitive information by arranging for a victim to login to the
attacker's account and then submit a vulnerability report, related to a
"login CSRF" issue (CVE-2014-1517).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kate | 0 (affected), 4.12.5-1.2.mga4 (unaffected) | — |
| Mageia | bugzilla | 0 (affected), 4.4.4-1.1.mga3 (unaffected), 0 (affected), 4.4.4-1.1.mga3 (unaffected) | — |
References
Updated kate package fixes crashes
advisory
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.