← voltar
CVE-2015-8509

CVE-2015-8509

EPSS 1.9%
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Information-Leak.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1232785http://seclists.org/bugtraq/2015/Dec/131https://www.bugzilla.org/security/4.2.15/http://www.securityfocus.com/bid/79662http://www.securitytracker.com/id/1034556