Vulnerabilities > Flyspray

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-11	CVE-2017-15214	Cross-site Scripting vulnerability in Flyspray 1.0 Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. network low complexity flyspray CWE-79	5.4
2017-10-11	CVE-2017-15213	Cross-site Scripting vulnerability in Flyspray 1.0 Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. network low complexity flyspray CWE-79	5.4

Vulnerabilities > Flyspray {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Flyspray"}]}