CVE-2007-4543

CVE Database · CVE-2007-4543

CVE-2007-4543

· N/AModified

CVSS v3.1

N/A

EPSS

1.36%

Published

Aug 27, 2007

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."

Weaknesses (CWE)

CWE-79

Affected Products (30)

mozilla · bugzillavulnerable

References (20)

http://osvdb.org/37201

http://secunia.com/advisories/26584

PatchVendor Advisory

http://secunia.com/advisories/26971

http://security.gentoo.org/glsa/glsa-200709-18.xml

http://www.bugzilla.org/security/2.20.4/

http://www.securityfocus.com/archive/1/477630/100/0/threaded

http://www.securityfocus.com/bid/25425

ExploitPatch

http://www.securitytracker.com/id?1018604

http://www.vupen.com/english/advisories/2007/2977

https://bugzilla.mozilla.org/show_bug.cgi?id=386942

KEV Catalog EPSS Scores Vendors All CVEs