flyspray

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Unknown
Version	Removed

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-439	1.0rc4-1	1.0rc6-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2017-15214	AVG-439	High	Yes	Cross-site scripting	A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and...
CVE-2017-15213	AVG-439	High	Yes	Cross-site scripting	A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name...

Issue

Group

Severity

Remote

Type

Description

CVE-2017-15214

AVG-439

High

Yes

Cross-site scripting

A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and...

CVE-2017-15213

AVG-439

High

Yes

Cross-site scripting

A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name...

Advisories

Date	Advisory	Group	Severity	Type
10 Oct 2017	ASA-201710-13	AVG-439	High	cross-site scripting