Security Advisory

CVE-2015-8509

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-01-03 02:00:00

Last updated 2024-08-06 08:20:42

Assigner mozilla

State PUBLISHED

Description

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.

← Browse all CVEs View on cve.org ↗