Launchpad CVE tracker

CVE 2007-4543

Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."

Related bugs and status

CVE-2007-4543 (Candidate) is related to these bugs:

Bug #138886: [Needs packaging] Update request: Bugzilla version 3.0

Summary				In	Importance	Status
	138886	[Needs packaging] Update request: Bugzilla version 3.0		bugzilla (Ubuntu)	Wishlist	Fix Released
	138886	[Needs packaging] Update request: Bugzilla version 3.0		bugzilla (Debian)	Unknown	Fix Released

Bug #156405: bugzilla package containts unecessary dependency on MTA (sendmail etc)

Summary				In	Importance	Status
	156405	bugzilla package containts unecessary dependency on MTA (sendmail etc)		bugzilla (Ubuntu)	Undecided	Fix Released

Bug #235461: dependencies to perl modules missing

Summary				In	Importance	Status
	235461	dependencies to perl modules missing		bugzilla (Ubuntu)	Undecided	Fix Released

Bug #235701: bugzilla package outdated

Summary				In	Importance	Status
	235701	bugzilla package outdated		bugzilla (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-4543

References