Total vulnerabilities in the database
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.
| Software | From | Fixed in |
|---|---|---|
| mozilla / bugzilla | 4.0.2 | 4.0.2.x |
| mozilla / bugzilla | 4.0.3 | 4.0.3.x |
| mozilla / bugzilla | 4.0.4 | 4.0.4.x |
| mozilla / bugzilla | 4.1.1 | 4.1.1.x |
| mozilla / bugzilla | 4.2-rc1 | 4.2-rc1.x |
| mozilla / bugzilla | 4.2-rc2 | 4.2-rc2.x |
| mozilla / bugzilla | 4.1.2 | 4.1.2.x |
| mozilla / bugzilla | 4.1.3 | 4.1.3.x |