CVE-2004-1061

Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.

Affected Software

Name	Vendor	Start Version	End Version
Bugzilla	Mozilla	2.16.1 (including)	2.16.1 (including)
Bugzilla	Mozilla	2.16.2 (including)	2.16.2 (including)
Bugzilla	Mozilla	2.16.3 (including)	2.16.3 (including)
Bugzilla	Mozilla	2.16.4 (including)	2.16.4 (including)
Bugzilla	Mozilla	2.16.5 (including)	2.16.5 (including)
Bugzilla	Mozilla	2.16.6 (including)	2.16.6 (including)
Bugzilla	Mozilla	2.16.7 (including)	2.16.7 (including)
Bugzilla	Mozilla	2.16.8 (including)	2.16.8 (including)
Bugzilla	Mozilla	2.16.9 (including)	2.16.9 (including)
Bugzilla	Mozilla	2.16.10 (including)	2.16.10 (including)
Bugzilla	Mozilla	2.16.11 (including)	2.16.11 (including)
Bugzilla	Mozilla	2.17 (including)	2.17 (including)
Bugzilla	Mozilla	2.17.1 (including)	2.17.1 (including)
Bugzilla	Mozilla	2.17.3 (including)	2.17.3 (including)
Bugzilla	Mozilla	2.17.4 (including)	2.17.4 (including)
Bugzilla	Mozilla	2.17.5 (including)	2.17.5 (including)
Bugzilla	Mozilla	2.17.6 (including)	2.17.6 (including)
Bugzilla	Mozilla	2.17.7 (including)	2.17.7 (including)
Bugzilla	Ubuntu	dapper	*
Bugzilla	Ubuntu	devel	*
Bugzilla	Ubuntu	edgy	*
Bugzilla	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1061
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References