CSV Injection Vulnerability in Bugzilla

CSV Injection Vulnerability in Bugzilla

CVE-2015-8509 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.

Learn more about our Web App Pen Testing.