|
Description
|
|
Multiple vulnerabilities were identified in Bugzilla, which could be exploited by remote attackers to disclose sensitive information or perform SQL injection and cross site scripting.
The first issue is due to input validation errors in some RSS readers that do not properly validate feed titles, which could be exploited by attackers to cause malicious scripting code to be executed by the user's browser.
The second flaw is due to an input validation error in the "editparams.cgi" script that fails to properly validate the "whinedays" parameter, which could be exploited by malicious people to conduct SQL injection attacks.
The third vulnerability is due to an error in the login form that sends login requests to a malicious web site when the URL contains a double slash in the path name, which could be exploited by attackers to gain knowledge of sensitive information.
|
