CVE-2017-15214 log

Source
Severity High
Remote Yes
Type Cross-site scripting
Description
A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter of dokuwiki links in plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
Group Package Affected Fixed Severity Status Ticket
AVG-439 flyspray 1.0rc4-1 1.0rc6-1 High Fixed
Date Advisory Group Package Severity Description
10 Oct 2017 ASA-201710-13 AVG-439 flyspray High cross-site scripting
References
https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc