Bugzilla XSS / Insecure Temporary File Names
Medium Nessus Network Monitor Plugin ID 1555
Synopsis: The remote server is running Bugzilla, a bug tracking system.
Description: The remote server is running Bugzilla, a bug tracking system. A flaw in the remote installation of Bugzilla makes it vulnerable to cross-site scripting attacks, and its use of insecure temporary file names may allow local attackers to escalate their privileges.
Solution: Upgrade to Bugzilla 2.16.3, 2.17.4 or higher.