3 matches found
CVE-2017-15214
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...
CVE-2017-15214
Flyspray 1.0-rc4 through 1.0-rc6 contains a stored XSS vulnerability. An authenticated user can inject JavaScript via the name, title, or id parameter in plugins/dokuwiki/lib/plugins/changelinks/syntax.php to execute code with administrator privileges or to target other users (including unauthent...
[ASA-201710-13] flyspray: cross-site scripting
Arch Linux Security Advisory ASA-201710-13 ========================================== Severity: High Date : 2017-10-10 CVE-ID : CVE-2017-15213 CVE-2017-15214 Package : flyspray Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-439 Summary ======= The package...