FreeBSD : bugzilla -- multiple vulnerabilities (75231c63-f6a2-499d-8e27-787773bda284)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

A Bugzilla Security Advisory reports :

This advisory covers three security issues that have recently been
fixed in the Bugzilla code :

- A possible cross-site scripting (XSS) vulnerability when filing bugs
using the guided form.

- When using, insufficiently escaped data may be passed to

- Users using the WebService interface may access Bugzilla's
time-tracking fields even if they normally cannot see them.

We strongly advise that 2.20.x and 2.22.x users should upgrade to
2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or
below, should upgrade to 3.0.1.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 26090 (freebsd_pkg_75231c63f6a2499d8e27787773bda284.nasl)

Bugtraq ID: 25425

CVE ID: CVE-2007-4538
