QwikSec

Security Database

CVE

CWE

Training

CVE-2017-15214

Published: Oct 10, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6

x_refsource_MISC

http://openwall.com/lists/oss-security/2017/10/07/1

x_refsource_MISC

https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.