GCVE - cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*

part: a version: 1.3 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Bonsai (`a4272f64-5111-5548-a256-220fa65d3134`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2003-0155`	vulnerable	2026-06-03 14:26:24.857693	Details available bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. Published: 2003-03-26T05:00:00.000Z Updated: 2024-08-08T01:43:35.778Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/7163 http://www.debian.org/security/2003/dsa-265	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0154`	vulnerable	2026-06-03 14:26:24.857434	Details available Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. Published: 2003-03-26T05:00:00.000Z Updated: 2024-08-08T01:43:35.904Z Open on db.gcve.eu Reference links http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view http://www.securityfocus.com/bid/5516 http://www.iss.net/security_center/static/9920.php http://marc.info/?l=bugtraq&m=102980129101054&w=2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0153`	vulnerable	2026-06-03 14:26:24.857095	Details available bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. Published: 2003-03-26T05:00:00.000Z Updated: 2024-08-08T01:43:35.993Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=102980129101054&w=2 http://bugzilla.mozilla.org/show_bug.cgi?id=187230 http://www.debian.org/security/2003/dsa-265 https://exchange.xforce.ibmcloud.com/vulnerabilities/9921 http://www.securityfocus.com/bid/5517	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0152`	vulnerable	2026-06-03 14:26:24.856734	Details available Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. Published: 2003-03-26T05:00:00.000Z Updated: 2024-08-08T01:43:36.060Z Open on db.gcve.eu Reference links http://www.debian.org/security/2003/dsa-265 http://www.securityfocus.com/bid/7162	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.