3.5
CVSSv2

CVE-2017-15213

Published: 11/10/2017 Updated: 27/10/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.

Vendor Advisories

Arch Linux Security Advisory ASA-201710-13 ========================================== Severity: High Date : 2017-10-10 CVE-ID : CVE-2017-15213 CVE-2017-15214 Package : flyspray Type : cross-site scripting Remote : Yes Link : securityarchlinuxorg/AVG-439 Summary ======= The package flyspray before version 10rc6-1 is vulnerab ...
A stored XSS vulnerability in Flyspray before 10-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field in themes/CleanFS/templates/commoneditalluserstpl ...