CVE-2001-1402

EPSS 1.12% · P78 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2001-1402

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Bugzilla 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Bugzilla 2.14之前版本不能正确避免不信任参数，远程攻击者可以通过跨站脚本(CSS)和可能的在（1）reports.cgi中的产品或输出表单变量，（2）showvotes.cgi中的voteon，bug_id，以及用户变量，（3）createaccount.cgi中无效的电子邮件地址，（4）showdependencytree.cgi中无效的ID ，（5）process_bug.cgi中无效的用户名和其他领域，（6）buglist.cgi中的错误消息上的SQL注入攻击进行未授权的活动。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2001-1402

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2001-1402

Please Login to view more intelligence information

http://bugzilla.mozilla.org/show_bug.cgi?id=39536x_refsource_CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=38855x_refsource_CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=38854x_refsource_CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=95235x_refsource_CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=38859x_refsource_CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=87701x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2001-107.htmlvendor-advisoryx_refsource_REDHAT
http://marc.info/?l=bugtraq&m=99912899900567mailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2001-1402

Same Patch Batch · n/a · 2002-08-31 · 162 CVEs total

CVE-2002-1019		Adobe Content Server library eBook检验漏洞
CVE-2002-1005		ArGoSoft Mail Server Pro 1.8.1.7远程拒绝服务漏洞
CVE-2002-1007		Blackboard跨站脚本漏洞
CVE-2002-1008		Summit Computer Networks Lil' HTTP Server URLCount.CGI HTML注入漏洞
CVE-2002-1009		Summit Computer Networks Lil' HTTP Server pbcgi.cgi跨站脚本攻击（XSS）漏洞
CVE-2002-1010		Lotus Domino绕过web根中的访问限制漏洞
CVE-2002-1011		IBM Tivoli Management Framework Endpoint缓冲区溢出漏洞
CVE-2002-1012		IBM Tivoli Management Framework 管理节点机WEB服务远程缓冲区溢出漏洞
CVE-2002-1016		Adobe eBook Reader文件保护限制可突破漏洞
CVE-2002-1017		Adobe eBook Reader文件传送授权凭证弱算法漏洞
CVE-2002-1018		Adobe Content Server library拒绝服务漏洞
CVE-2002-1026		Macromedia Sitespring数据库引擎远程拒绝服务攻击漏洞
CVE-2002-1032		KeyFocus (KF) web server拒绝服务漏洞
CVE-2002-1029		WorldSpan Res Manager畸形TCP数据包服务拒绝漏洞
CVE-2002-1028		Oddsock Song Requester WinAmp Plugin服务拒绝漏洞
CVE-2002-1027		Macromedia Sitespring默认出错页面跨站脚本漏洞
CVE-2002-1022		Working Resources BadBlue明文密码本地存储漏洞
CVE-2002-1020		Adobe Content Server library eBook检验漏洞
CVE-2002-1021		Working Resources BadBlue NULL字节远程文件泄露漏洞
CVE-2002-1003		MyWebServer GET请求远程缓冲区溢出漏洞

Showing top 20 of 162 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2001-1402

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2001-1402

I. Basic Information for CVE-2001-1402

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2001-1402

III. Intelligence Information for CVE-2001-1402

Same Patch Batch · n/a · 2002-08-31 · 162 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2001-1402

Leave a comment