AVG-439 log

Package	flyspray
Status	Fixed
Severity	High
Type	cross-site scripting
Affected	1.0rc4-1
Fixed	1.0rc6-1
Current	Removed
Ticket	None
Created	Tue Oct 10 21:00:57 2017

Issue	Severity	Remote	Type	Description
CVE-2017-15214	High	Yes	Cross-site scripting	A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and...
CVE-2017-15213	High	Yes	Cross-site scripting	A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name...

Issue

Severity

Remote

Type

Description

CVE-2017-15214

High

Yes

Cross-site scripting

A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and...

CVE-2017-15213

High

Yes

Cross-site scripting

A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name...

Date	Advisory	Package	Type
10 Oct 2017	ASA-201710-13	flyspray	cross-site scripting

References
http://www.openwall.com/lists/oss-security/2017/10/10/6