Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote malicious users to enumerate usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flyspray flyspray 0.9.9 |
||
flyspray flyspray 0.9.9.1 |
||
flyspray flyspray 0.9.9.2 |
||
flyspray flyspray 0.9.9.3 |
||
flyspray flyspray 0.9.9.4 |