GCVE - cpe:2.3:a:mozilla:bugzilla:3.0_rc1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:bugzilla:3.0_rc1:*:*:*:*:*:*:*

part: a version: 3.0_rc1 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Bugzilla (`e01796e2-013a-5496-a0c3-a87ebcd7e088`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/bugzilla/bugzilla-dev`	purl2cpe	2026-06-01 10:17:53.655947
`pkg:github/bugzilla/bugzilla`	purl2cpe	2026-06-01 10:17:53.655948
`pkg:rpm/fedora/bugzilla`	purl2cpe	2026-06-01 10:17:53.655950
`pkg:rpm/opensuse/bugzilla`	purl2cpe	2026-06-01 10:17:53.655951

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-2803`	vulnerable	2026-06-03 14:35:43.898963	Details available Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. Published: 2017-04-12T22:00:00.000Z Updated: 2024-08-05T23:32:21.226Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/538401/100/0/threaded https://www.bugzilla.org/security/4.4.11/ http://www.securitytracker.com/id/1035891 http://packetstormsecurity.com/files/137079/Bugzilla-4.4.11-5.0.2-Summary-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1573`	vulnerable	2026-06-03 14:33:47.892112	Details available Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name. Published: 2014-10-13T01:00:00.000Z Updated: 2024-08-06T09:42:36.650Z Open on db.gcve.eu Reference links http://www.opennet.ru/opennews/art.shtml?num=40766 http://www.mandriva.com/security/advisories?name=MDVSA-2014:200 http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html http://www.securityfocus.com/bid/70257 http://openwall.com/lists/oss-security/2014/10/07/20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1572`	vulnerable	2026-06-03 14:33:47.887165	Details available The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted. Published: 2014-10-13T01:00:00.000Z Updated: 2024-08-06T09:42:36.509Z Open on db.gcve.eu Reference links http://www.opennet.ru/opennews/art.shtml?num=40766 http://www.mandriva.com/security/advisories?name=MDVSA-2014:200 http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html https://bugzilla.mozilla.org/show_bug.cgi?id=1074812 http://openwall.com/lists/oss-security/2014/10/07/20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1571`	vulnerable	2026-06-03 14:33:47.867944	Details available Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template. Published: 2014-10-13T01:00:00.000Z Updated: 2024-08-06T09:42:36.529Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1064140 http://www.mandriva.com/security/advisories?name=MDVSA-2014:200 http://packetstormsecurity.com/files/128578/Bugzilla-Account-Creation-XSS-Information-Leak.html http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142524.html http://advisories.mageia.org/MGASA-2014-0412.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-6098`	vulnerable	2026-06-03 14:29:12.384503	Details available Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." Published: 2009-02-09T18:00:00.000Z Updated: 2024-08-07T11:20:25.110Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=449931 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html https://exchange.xforce.ibmcloud.com/vulnerabilities/46424 http://www.securityfocus.com/bid/32178	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2103`	vulnerable	2026-06-03 14:28:43.311753	Details available Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. Published: 2008-05-07T20:07:00.000Z Updated: 2024-08-07T08:49:57.528Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/29038 https://bugzilla.mozilla.org/show_bug.cgi?id=425665 http://secunia.com/advisories/30167 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html http://www.securitytracker.com/id?1019967	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.