Vulnerabilities > Flyspray > Flyspray > 0.9.9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-05 | CVE-2008-1166 | Information Exposure vulnerability in Flyspray Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | 5.0 |
2008-03-05 | CVE-2008-1165 | Cross-Site Scripting vulnerability in Flyspray Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. | 4.3 |