CVE-2006-5453

CVE Database · CVE-2006-5453

CVE-2006-5453

· N/AModified

CVSS v3.1

N/A

EPSS

1.87%

Published

Oct 23, 2006

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

Affected Products (18)

mozilla · bugzillavulnerable

References (20)

http://secunia.com/advisories/22409

http://secunia.com/advisories/22790

http://secunia.com/advisories/22826

http://security.gentoo.org/glsa/glsa-200611-04.xml

http://securityreason.com/securityalert/1760

http://securitytracker.com/id?1017063

Patch

http://www.bugzilla.org/security/2.18.5/

http://www.debian.org/security/2006/dsa-1208

http://www.osvdb.org/29544

http://www.osvdb.org/29545

Patch

http://www.osvdb.org/29549

http://www.securityfocus.com/archive/1/448777/100/100/threaded

KEV Catalog EPSS Scores Vendors All CVEs