CVE-2017-15213 log

Source
Severity High
Remote Yes
Type Cross-site scripting
Description
A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field in themes/CleanFS/templates/common.editallusers.tpl.
Group Package Affected Fixed Severity Status Ticket
AVG-439 flyspray 1.0rc4-1 1.0rc6-1 High Fixed
Date Advisory Group Package Severity Description
10 Oct 2017 ASA-201710-13 AVG-439 flyspray High cross-site scripting
References
https://github.com/Flyspray/flyspray/commit/754ec5d04348ef7ecb8cb02ade976dc412b031f8