11 matches found
Flyspray 0.9.9 - Information Disclosure, HTML Injection, and Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28076/info Flyspray is prone to an information-disclosure issue, an HTML-injection issue, and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may levera...
CVE-2008-1165
Multiple cross-site scripting XSS vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via 1 a forced SQL error message or 2 oldvalue and newvalue database fields in task summaries, related to the itemsummary parameter in a details action...
Flyspray 0.9.9 - Information DisclosureHTML Injection Cross-Site Scripting
Flyspray 0.9.9 - Information DisclosureHTML Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/28076/info Flyspray is prone to an information-disclosure issue, an HTML-injection issue, and multiple cross-site scripting vulnerabilities because it fails to properly sanitize...
Flyspray 0.9.9 - Information Disclosure/HTML Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/28076/info Flyspray is prone to an information-disclosure issue, an HTML-injection issue, and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues determine valid...
CVE-2007-6461
Multiple cross-site scripting XSS vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via 1 the query string in an index action, related to the savesearch JavaScript function; and 2 the details parameter in a details action,...
Authentication flaw
Flyspray 0.9.9, when outputbuffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request...
CVE-2007-1788
Flyspray 0.9.9, when outputbuffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request...
CVE-2007-1789
Flyspray 0.9.9 allows remote attackers to obtain sensitive information private project summaries via direct requests...
Information disclosure
Flyspray 0.9.9 allows remote attackers to obtain sensitive information private project summaries via direct requests...
CVE-2007-1789
Flyspray 0.9.9 allows remote attackers to obtain sensitive information private project summaries via direct requests...
CVE-2007-1789
Flyspray 0.9.9 allows remote attackers to obtain sensitive information private project summaries via direct requests...