CVE-2006-5453

NameCVE-2006-5453
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1208-1
Debian Bugs395094

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasourcesarge2.16.7-7sarge2DSA-1208-1
bugzillasource(unstable)2.22.1-1low395094

Search for package or bug name: Reporting problems