CVE-2016-2803

high-risk

Published 2017-04-12

Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.

Do I need to act?

0.39% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Bugzilla

Affected Vendors

Mozilla

References (8)

Third Party Advisory http://packetstormsecurity.com/files/137079/Bugzilla-4.4.11-5.0.2-Summary-Cross-...

http://www.securityfocus.com/archive/1/538401/100/0/threaded

Third Party Advisory http://www.securitytracker.com/id/1035891

Issue Tracking https://www.bugzilla.org/security/4.4.11/

Third Party Advisory http://packetstormsecurity.com/files/137079/Bugzilla-4.4.11-5.0.2-Summary-Cross-...

http://www.securityfocus.com/archive/1/538401/100/0/threaded

Third Party Advisory http://www.securitytracker.com/id/1035891

Issue Tracking https://www.bugzilla.org/security/4.4.11/

/ 100

high-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical