Need some more information about the #272620 bug

Alexis Sukrieh sukria at
Fri Jan 7 13:32:53 UTC 2005

Hello Bugzilla developers.

I'm working on the maintenance of the Bugzilla package for the Debian

We have recently noticed that there is an important bug report on
Bugzilla which is about XSS issues[1].

This bug is closed to the public in your bug database and then, the
Debian team is not able to access details about what can be
vulnerable in the sofwtare.

We would really apreciate your help to fix this bug.

I've already try to exploit our Bugzilla version with submiting values
such as '<script>alert(1)</script>' in many forms and, hopefully,
everytime, Bugzilla said that the variable is not valid.

Anyway, as this bug is serious, I really cannot close it without being
sure that our version is not affected.

We actually provide the 2.16.7 release.

Any help is strongly welcome.

Best Regards.


1 :

                                  Alexis Sukrieh <sukria at>

« Quidquid latine dictum sit, altum sonatur. » 
Whatever is said in Latin sounds profound.

More information about the developers mailing list