This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Bugzilla Security Advisory
During the generation of a dependency graph, the code for the HTML
image map is generated locally if a local dot installation is used.
With escaped HTML characters in a bug summary, it is possible to
inject unfiltered HTML code in the map file which the CreateImagemap
function generates. This could be used for a cross-site scripting
If an external HTML page contains a <script> element with its src
attribute pointing to a buglist in CSV format, some web browsers
buglist is generated based on the privileges of the user logged into
Bugzilla, the external page could collect confidential data contained
in the CSV file.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3