“A potentially-dangerous security bug has been detected in
Bugzilla, a popular open-source bug-tracking software run by the
Mozilla Foundation.“Researchers warned of the cross site scripting vulnerability
within Bugzilla that lets a remote attacker create a malicious link
containing script code which could be executed in the browser of a
legitimate user, in the context of the Web site running
Bugzilla.“Because Bugzilla does not properly sanitize any input submitted
by users, malicious script could be embedded and may be exploited
to steal cookie-based authentication credentials from legitimate
users of the Web site running the vulnerable software…”
Related Story:
Debian GNU/Linux Advisory: bugzilla(Dec 30, 2002)