CVEs referencing
https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6

Copy

CVE-2017-15213

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.

Max Base Score

5.4

Published

2017-10-11

Updated

2017-10-27

EPSS

0.07%

CVE-2017-15214

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

Max Base Score

5.4

Published

2017-10-11

Updated

2017-10-27

EPSS

0.07%

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!