mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-02 19:53:47 +00:00
769 B
769 B
CVE-2011-0048
Description
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI.
POC
Reference
Github
No PoCs found on GitHub currently.