AVG-439

Package flyspray
Status Fixed
Severity High
Type cross-site scripting
Affected 1.0rc4-1
Fixed 1.0rc6-1
Current 1.0rc7-1 [community]
Ticket None
Created Tue Oct 10 21:00:57 2017
Issue Severity Remote Type Description
CVE-2017-15214 High Yes Cross-site scripting
A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and...
CVE-2017-15213 High Yes Cross-site scripting
A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name...
Date Advisory Package Description
10 Oct 2017 ASA-201710-13 flyspray cross-site scripting
References
http://www.openwall.com/lists/oss-security/2017/10/10/6