CVE-2006-5453

N/A Unknown

Published: October 23, 2006 Modified: April 23, 2026

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/22409

Source: cve@mitre.org

http://secunia.com/advisories/22790

Source: cve@mitre.org

http://secunia.com/advisories/22826

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200611-04.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/1760

Source: cve@mitre.org

http://securitytracker.com/id?1017063

Source: cve@mitre.org

Patch

http://www.bugzilla.org/security/2.18.5/

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1208

Source: cve@mitre.org

http://www.osvdb.org/29544

Source: cve@mitre.org

http://www.osvdb.org/29545

Source: cve@mitre.org

Patch

http://www.osvdb.org/29549

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/448777/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/20538

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4035

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=206037

Source: cve@mitre.org

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=330555

Source: cve@mitre.org

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=355728

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/29610

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/29619

Source: cve@mitre.org

http://secunia.com/advisories/22409

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22790

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22826

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200611-04.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/1760

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1017063

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.bugzilla.org/security/2.18.5/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1208

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29544

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/29545

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/29549

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/448777/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20538

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/4035

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=206037

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=330555

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=355728

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/29610

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/29619

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

Exploitation Status

Not in CISA KEV

Affected Vendors

mozilla