FreeBSD : bugzilla -- multiple vulnerabilities (6d68618a-7199-11db-a2ad-000c6ec775d9)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

A Bugzilla Security Advisory reports :

- Sometimes the information put into the <h1> and <h2> tags in
Bugzilla was not properly escaped, leading to a possible XSS

- Bugzilla administrators were allowed to put raw, unfiltered HTML
into many fields in Bugzilla, leading to a possible XSS vulnerability.
Now, the HTML allowed in those fields is limited.

- attachment.cgi could leak the names of private attachments

- The 'deadline' field was visible in the XML format of a bug, even to
users who were not a member of the 'timetrackinggroup.'

- A malicious user could pass a URL to an admin, and make the admin
delete or change something that he had not intended to delete or

- It is possible to inject arbitrary HTML into the
showdependencygraph.cgi page, allowing for a cross-site scripting

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23664 (freebsd_pkg_6d68618a719911dba2ad000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2006-5453
