
Bugzilla XSS / Insecure Temporary File Names

Medium

Synopsis

The remote server is running Bugzilla, a bug tracking system.

Description

The remote server is running Bugzilla, a bug tracking system. The remote installation of Bugzilla is vulnerable to cross-site scripting attacks and, because it uses insecure temporary file names, may allow local attackers to escalate their privileges.

Solution

Upgrade to Bugzilla 2.16.3, 2.17.4 or higher.