[arch-security] [ASA-201710-13] flyspray: cross-site scripting

Levente Polyak anthraxx at archlinux.org
Thu Oct 12 18:07:15 UTC 2017


Arch Linux Security Advisory ASA-201710-13
==========================================

Severity: High
Date    : 2017-10-10
CVE-ID  : CVE-2017-15213 CVE-2017-15214
Package : flyspray
Type    : cross-site scripting
Remote  : Yes
Link    : https://security.archlinux.org/AVG-439

Summary
=======

The package flyspray before version 1.0rc6-1 is vulnerable to cross-
site scripting.

Resolution
==========

Upgrade to 1.0rc6-1.

# pacman -Syu "flyspray>=1.0rc6-1"

The problems have been fixed upstream in version 1.0rc6.

Workaround
==========

None.

Description
===========

- CVE-2017-15213 (cross-site scripting)

A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an
authenticated user to inject JavaScript to gain administrator
privileges, via the real_name or email_address field in
themes/CleanFS/templates/common.editallusers.tpl.

- CVE-2017-15214 (cross-site scripting)

A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6
allows an authenticated user to inject JavaScript to gain administrator
privileges and also to execute JavaScript against other users
(including unauthenticated users), via the name, title, or id parameter
of dokuwiki links in
plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
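Both issues above are the same class of bug: a value an authenticated user stores (a profile field in the first case, a link's name/title/id in the second) is later emitted into HTML without being encoded for the context it lands in. Flyspray is a PHP application; the Python below is an added illustration, not code from Flyspray or from the upstream fix commits, and the `PROFILE` and `LINK` values are constructed samples, not payloads from the advisory. It renders the same stored data twice, once interpolated raw (the vulnerable pattern) and once with HTML escaping plus an href scheme allowlist (the general hardening), so the two outputs can be compared directly.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed values of the kind an authenticated user can store in a profile
# or in a wiki link. They are illustrations, not payloads from the advisory.
PROFILE = {
    "real_name": "Mallory<script>alert(document.cookie)</script>",
    "email_address": 'mallory@example.org" onmouseover="alert(1)',
}
LINK = {
    "id": "start",
    "href": "javascript:alert(1)",
    "name": 'docs" onmouseover="alert(1)',
    "title": "Read <b>me</b>",
}

ALLOWED_SCHEMES = {"", "http", "https"}  # "" keeps relative links working


def render_user_row_vulnerable(user):
    """Interpolate stored fields straight into markup.

    This is the pattern behind a stored XSS: whatever the user saved is
    emitted as HTML to every viewer of the page, administrators included.
    """
    return (
        "<tr><td>{real_name}</td>"
        '<td><a href="mailto:{email_address}">{email_address}</a></td></tr>'
    ).format(**user)


def render_user_row_fixed(user):
    """Escape each stored field for the HTML context it lands in."""
    name = html.escape(user["real_name"], quote=True)
    # quote=True matters here: the same value also sits inside href="...".
    email = html.escape(user["email_address"], quote=True)
    return f'<tr><td>{name}</td><td><a href="mailto:{email}">{email}</a></td></tr>'


def safe_href(href):
    """Return the href if its scheme is on the allowlist, otherwise None.

    Control characters and whitespace are removed before parsing because
    browsers ignore them inside a scheme, so "java\\tscript:" still executes.
    """
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", href)
    if urlsplit(cleaned).scheme not in ALLOWED_SCHEMES:
        return None
    return cleaned


def render_link_fixed(link):
    """Render a wiki-style link: escape name/title/id, reject unsafe hrefs."""
    name = html.escape(link["name"], quote=True)
    title = html.escape(link["title"], quote=True)
    anchor_id = html.escape(link["id"], quote=True)
    href = safe_href(link["href"])
    if href is None:
        # Keep the visible text, emit no clickable target.
        return f'<span id="{anchor_id}" title="{title}">{name}</span>'
    href = html.escape(href, quote=True)
    return f'<a id="{anchor_id}" href="{href}" title="{title}">{name}</a>'


def has_raw_payload(markup):
    """Crude detector used for the comparison: raw <script> or a quote breakout."""
    return "<script>" in markup or '" onmouseover="' in markup


if __name__ == "__main__":
    print(render_user_row_vulnerable(PROFILE))
    print(render_user_row_fixed(PROFILE))
    print(render_link_fixed(LINK))
```

Escaping alone is not enough for the link case: `html.escape` keeps `javascript:alert(1)` perfectly intact inside `href="..."`, which is why `safe_href` enforces a scheme allowlist in addition to encoding the attribute value.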

Impact
======

A remote attacker with a user account is able to perform a cross-site
scripting attack against other users, including administrators, and
possibly gain administrator privileges by injecting malicious
JavaScript.

References
==========

http://www.openwall.com/lists/oss-security/2017/10/10/6
https://github.com/Flyspray/flyspray/commit/754ec5d04348ef7ecb8cb02ade976dc412b031f8
https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc
https://security.archlinux.org/CVE-2017-15213
https://security.archlinux.org/CVE-2017-15214
