flyspray

Description: Lightweight, web-based bug tracking system written in PHP
Version: 1.0rc7-1 [community]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-439 | 1.0rc4-1 | 1.0rc6-1 | High | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2017-15214 | AVG-439 | High | Yes | Cross-site scripting | A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and...
CVE-2017-15213 | AVG-439 | High | Yes | Cross-site scripting | A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name...

Advisories

Date | Advisory | Group | Severity | Description
10 Oct 2017 | ASA-201710-13 | AVG-439 | High | cross-site scripting