Candidate: CVE-2011-3657
PublicDate: 2012-01-02 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3657
 http://www.bugzilla.org/security/3.4.12/
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x
 before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3,
 and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to
 inject arbitrary web script or HTML via vectors involving a (1) tabular
 report, (2) graphical report, or (3) new chart.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=697699
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_bugzilla:
upstream_bugzilla: released (3.4.13,3.6.7)
hardy_bugzilla: ignored (reached end-of-life)
lucid_bugzilla: ignored (reached end-of-life)
maverick_bugzilla: ignored (reached end-of-life)
natty_bugzilla: ignored (reached end-of-life)
oneiric_bugzilla: ignored (reached end-of-life)
precise_bugzilla: DNE
quantal_bugzilla: DNE
raring_bugzilla: DNE
saucy_bugzilla: DNE
devel_bugzilla: DNE