PublicDate: 2008-05-07 20:20:00 UTC
Candidate: CVE-2008-2103
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2103
Description:
 Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later
 allows remote attackers to inject arbitrary web script or HTML via the id
 parameter to the "Format for Printing" view or "Long Format" bug list.
Ubuntu-Description:
Notes:
 kees> this should really be for bugzilla3, but it's not in intrepid yet
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS: 

Patches_bugzilla:
upstream_bugzilla: released (3.0.1)
dapper_bugzilla: ignored (reached end-of-life)
feisty_bugzilla: needed (reached end-of-life)
gutsy_bugzilla: needed (reached end-of-life)
hardy_bugzilla: ignored (reached end-of-life)
intrepid_bugzilla: not-affected (3.0.4-0ubuntu1)
jaunty_bugzilla: not-affected (3.0.4-0ubuntu1)
karmic_bugzilla: not-affected (3.0.4-0ubuntu1)
lucid_bugzilla: not-affected (3.0.4-0ubuntu1)
maverick_bugzilla: not-affected (3.0.4-0ubuntu1)
natty_bugzilla: not-affected (3.0.4-0ubuntu1)
oneiric_bugzilla: not-affected (3.0.4-0ubuntu1)
devel_bugzilla: not-affected (3.0.4-0ubuntu1)