cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-5123,https://securityvulnerability.io/vulnerability/CVE-2018-5123,,A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.,Mozilla,Bugzilla,8.8,HIGH,0.001550000044517219,false,,false,false,false,,,false,false,,2019-04-29T15:34:03.000Z,0
CVE-2016-2803,https://securityvulnerability.io/vulnerability/CVE-2016-2803,,"Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.",Mozilla,Bugzilla,6.1,MEDIUM,0.00215000007301569,false,,false,false,false,,,false,false,,2017-04-12T22:00:00.000Z,0
CVE-2015-8508,https://securityvulnerability.io/vulnerability/CVE-2015-8508,,"Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary.",Mozilla,Bugzilla,4.7,MEDIUM,0.006029999814927578,false,,false,false,false,,,false,false,,2016-01-03T02:00:00.000Z,0
CVE-2015-8509,https://securityvulnerability.io/vulnerability/CVE-2015-8509,,"Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.",Mozilla,Bugzilla,3.5,LOW,0.004619999788701534,false,,false,false,false,,,false,false,,2016-01-03T02:00:00.000Z,0
CVE-2015-4499,https://securityvulnerability.io/vulnerability/CVE-2015-4499,,"Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address.",Mozilla,Bugzilla,,,0.023269999772310257,false,,false,false,false,,,false,false,,2015-09-14T01:00:00.000Z,0
CVE-2014-8630,https://securityvulnerability.io/vulnerability/CVE-2014-8630,,"Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.",Mozilla,Bugzilla,,,0.0036700000055134296,false,,false,false,false,,,false,false,,2015-02-01T15:00:00.000Z,0
CVE-2014-1571,https://securityvulnerability.io/vulnerability/CVE-2014-1571,,"Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.",Mozilla,Bugzilla,,,0.0016599999507889152,false,,false,false,false,,,false,false,,2014-10-13T01:00:00.000Z,0
CVE-2014-1546,https://securityvulnerability.io/vulnerability/CVE-2014-1546,,"The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.",Mozilla,Bugzilla,,,0.001610000035725534,false,,false,false,false,,,false,false,,2014-08-14T10:00:00.000Z,0
CVE-2014-1517,https://securityvulnerability.io/vulnerability/CVE-2014-1517,,"The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a ""login CSRF"" issue.",Mozilla,Bugzilla,,,0.0018700000364333391,false,,false,false,false,,,false,false,,2014-04-20T01:00:00.000Z,0
CVE-2013-1742,https://securityvulnerability.io/vulnerability/CVE-2013-1742,,"Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.",Mozilla,Bugzilla,,,0.003650000086054206,false,,false,false,false,,,false,false,,2013-10-24T10:53:00.000Z,0
CVE-2013-1743,https://securityvulnerability.io/vulnerability/CVE-2013-1743,,"Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.",Mozilla,Bugzilla,,,0.001879999996162951,false,,false,false,false,,,false,false,,2013-10-24T10:53:00.000Z,0
CVE-2013-1733,https://securityvulnerability.io/vulnerability/CVE-2013-1733,,Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token.,Mozilla,Bugzilla,,,0.0017399999778717756,false,,false,false,false,,,false,false,,2013-10-24T10:53:00.000Z,0
CVE-2013-1734,https://securityvulnerability.io/vulnerability/CVE-2013-1734,,"Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action.",Mozilla,Bugzilla,,,0.0017399999778717756,false,,false,false,false,,,false,false,,2013-10-24T10:53:00.000Z,0
CVE-2013-0785,https://securityvulnerability.io/vulnerability/CVE-2013-0785,,"Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.",Mozilla,Bugzilla,,,0.0017099999822676182,false,,false,false,false,,,false,false,,2013-02-24T11:00:00.000Z,0
CVE-2013-0786,https://securityvulnerability.io/vulnerability/CVE-2013-0786,,"The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debug mode for a query.",Mozilla,Bugzilla,,,0.00279000005684793,false,,false,false,false,,,false,false,,2013-02-24T11:00:00.000Z,0
CVE-2012-5884,https://securityvulnerability.io/vulnerability/CVE-2012-5884,,"The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.",Mozilla,Bugzilla,,,0.002940000034868717,false,,false,false,false,,,false,false,,2012-11-16T11:00:00.000Z,0
CVE-2012-4197,https://securityvulnerability.io/vulnerability/CVE-2012-4197,,"Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.",Mozilla,Bugzilla,,,0.002940000034868717,false,,false,false,false,,,false,false,,2012-11-16T11:00:00.000Z,0
CVE-2012-4199,https://securityvulnerability.io/vulnerability/CVE-2012-4199,,"template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.",Mozilla,Bugzilla,,,0.0028800000436604023,false,,false,false,false,,,false,false,,2012-11-16T11:00:00.000Z,0
CVE-2012-5883,https://securityvulnerability.io/vulnerability/CVE-2012-5883,,"Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.",Mozilla,"Bugzilla,Yui",,,0.0022299999836832285,false,,false,false,false,,,false,false,,2012-11-16T11:00:00.000Z,0
CVE-2012-4198,https://securityvulnerability.io/vulnerability/CVE-2012-4198,,"The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error.",Mozilla,Bugzilla,,,0.0011399999493733048,false,,false,false,false,,,false,false,,2012-11-16T11:00:00.000Z,0
CVE-2012-4189,https://securityvulnerability.io/vulnerability/CVE-2012-4189,,"Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.",Mozilla,Bugzilla,,,0.0019000000320374966,false,,false,false,false,,,false,false,,2012-11-16T11:00:00.000Z,0
CVE-2012-4747,https://securityvulnerability.io/vulnerability/CVE-2012-4747,,"Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.",Mozilla,Bugzilla,,,0.002570000011473894,false,,false,false,false,,,false,false,,2012-09-04T11:04:00.000Z,0
CVE-2012-3981,https://securityvulnerability.io/vulnerability/CVE-2012-3981,,"Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt.",Mozilla,Bugzilla,,,0.011420000344514847,false,,false,false,false,,,false,false,,2012-09-04T10:00:00.000Z,0
CVE-2012-1968,https://securityvulnerability.io/vulnerability/CVE-2012-1968,,"Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.",Mozilla,Bugzilla,,,0.002319999970495701,false,,false,false,false,,,false,false,,2012-07-30T13:55:00.000Z,0
CVE-2012-1969,https://securityvulnerability.io/vulnerability/CVE-2012-1969,,"The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.",Mozilla,Bugzilla,,,0.0026499999221414328,false,,false,false,false,,,false,false,,2012-07-30T13:55:00.000Z,0