Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Jun 16, 2026

CVE-2002-0807

Description

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Mozilla Corporation/Bugzilla5 versions
cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
- (no CPE)range: >=2.14, <2.14.2, >=2.16, <2.16rc2

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2002-06/0054.htmlnvdPatchVendor Advisory
bugzilla.mozilla.org/show_bug.cginvd
www.iss.net/security_center/static/9304.phpnvd
www.securityfocus.com/bid/4964nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000