This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
A Bugzilla Security Advisory reports :
This advisory covers three security issues that have recently been
fixed in the Bugzilla code :
- A possible cross-site scripting (XSS) vulnerability when filing bugs
using the guided form.
- When using email_in.pl, insufficiently escaped data may be passed to
- Users using the WebService interface may access Bugzilla's
time-tracking fields even if they normally cannot see them.
We strongly advise that 2.20.x and 2.22.x users should upgrade to
2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or
below, should upgrade to 3.0.1.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 26090 (freebsd_pkg_75231c63f6a2499d8e27787773bda284.nasl)
Bugtraq ID: 25425
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now