CVE-2003-0602

medium

Description

Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.

References

http://www.securityfocus.com/bid/6868

http://www.securityfocus.com/bid/6861

http://www.bugzilla.org/security/2.16.2/

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653

Details

Source: Mitre, NVD

Published: 2003-08-27

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium