---

CVE-2017-15214 - log back

CVE-2017-15214 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Cross-site scripting
Description	+ A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter of dokuwiki links in plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
References	+ https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc
Notes