Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 up to and including 0.9.9.3 allow remote malicious users to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flyspray flyspray 0.9.9 |
||
flyspray flyspray 0.9.9.1 |
||
flyspray flyspray 0.9.9.2 |
||
flyspray flyspray 0.9.9.3 |