CVE-2012-0466

CVE Database · CVE-2012-0466

CVE-2012-0466

· N/AModified

CVSS v3.1

N/A

EPSS

0.85%

Published

Apr 27, 2012

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.

Weaknesses (CWE)

CWE-264

Affected Products (164)

mozilla · bugzillavulnerable

References (10)

http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html

https://bugzilla.mozilla.org/show_bug.cgi?id=745397

http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html

https://bugzilla.mozilla.org/show_bug.cgi?id=745397

KEV Catalog EPSS Scores Vendors All CVEs