CVE-2017-15214
N/A
N/A
Summary
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6
- http://openwall.com/lists/oss-security/2017/10/07/1
- https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc
References
- https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6
- http://openwall.com/lists/oss-security/2017/10/07/1
- https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.