Bugzilla Security Advisory – Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/66040/bugzilla-multi.txt
Source: https://packetstormsecurity.com/files/66040/bugzilla-multi.txt.html