06. January 2005

Cross-site scripting vulnerability in Bugzilla 2.16.7 and 2.18rc3

by Bugzilla Team

We’ve released a security advisory and patches for a potential cross-site scripting issue with Bugzilla’s error messages. Not all browsers are affected, but to protect all of your users, applying the patches is recommended. These fixes will be included in the upcoming 2.16.8 and 2.18 releases as well as the next snapshot from the trunk (either 2.20rc1 or 2.19.2).