Vulnerability Description
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Inform
- http://seclists.org/bugtraq/2015/Dec/131
- http://www.securityfocus.com/bid/79662
- http://www.securitytracker.com/id/1034556
- https://bugzilla.mozilla.org/show_bug.cgi?id=1232785ExploitVendor Advisory
- https://www.bugzilla.org/security/4.2.15/
- http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Inform
- http://seclists.org/bugtraq/2015/Dec/131
- http://www.securityfocus.com/bid/79662
- http://www.securitytracker.com/id/1034556
- https://bugzilla.mozilla.org/show_bug.cgi?id=1232785ExploitVendor Advisory
- https://www.bugzilla.org/security/4.2.15/
FAQ
What is CVE-2015-8509?
CVE-2015-8509 is a vulnerability with a CVSS score of 3.5 (LOW). Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain ...
How severe is CVE-2015-8509?
CVE-2015-8509 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8509?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.