Bugzilla XSS / Insecure Temporary File Names

Medium

Synopsis

The remote server is running Bugzilla, a bug tracking system.

Description

The remote server is running Bugzilla, a bug tracking system. The remote installation of Bugzilla has a flaw that makes it vulnerable to cross-site scripting attacks and, because it uses insecure temporary file names, may allow local attackers to escalate their privileges.

Solution

Upgrade to Bugzilla 2.16.3, 2.17.4 or higher.