[arch-security] [ASA-201710-13] flyspray: cross-site scripting
anthraxx at archlinux.org
Thu Oct 12 18:07:15 UTC 2017
Arch Linux Security Advisory ASA-201710-13
Date : 2017-10-10
CVE-ID : CVE-2017-15213 CVE-2017-15214
Package : flyspray
Type : cross-site scripting
Remote : Yes
Link : https://security.archlinux.org/AVG-439
The package flyspray before version 1.0rc6-1 is vulnerable to cross-
Upgrade to 1.0rc6-1.
# pacman -Syu "flyspray>=1.0rc6-1"
The problems have been fixed upstream in version 1.0rc6.
- CVE-2017-15213 (cross-site scripting)
A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an
privileges, via the real_name or email_address field in
- CVE-2017-15214 (cross-site scripting)
A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6
(including unauthenticated users), via the name, title, or id parameter
of dokuwiki links in
A remote attacker is able to perform a cross-site scripting attack and
possibly gain administrator privileges by injecting malicious