CVE-2017-15213
| Severity | High |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field in themes/CleanFS/templates/common.editallusers.tpl. |

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-439 | flyspray | 1.0rc4-1 | 1.0rc6-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 10 Oct 2017 | ASA-201710-13 | AVG-439 | flyspray | High | cross-site scripting |

| References |
|---|
| https://github.com/Flyspray/flyspray/commit/754ec5d04348ef7ecb8cb02ade976dc412b031f8 |