Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 11/10/2017 Updated: 27/10/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Stored XSS vulnerability in Flyspray 1.0-rc4 prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
flyspray flyspray 1.0

A stored XSS vulnerability in Flyspray between 10-rc4 and 10-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter of dokuwiki links in plugins/dokuwiki/lib/plugins/changelinks/syntaxphp ...

CWE-79 https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6 https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc http://openwall.com/lists/oss-security/2017/10/07/1 https://nvd.nist.gov https://security.archlinux.org/CVE-2017-15214

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-15214

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect