2 matches found
[SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 953-1 [email protected] http://www.debian.org/security/ Martin Schulze January 24th, 2006 http://www.debian.org/security/faq -...
CVE-2005-3334
CVE-2005-3334 concerns Flyspray, a lightweight bug-tracking web app. The vulnerability affects Flyspray 0.9.7 through 0.9.8 (devel) and is a cross-site scripting (XSS) flaw in the index.php page. An attacker can inject arbitrary web script or HTML via multiple parameters (PHPSESSID, task, string,...