This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Flyspray
Product: Flyspray
Version: 0.9.7
Type: Application
First view: 2005-10-27
Last view: 2017-10-10
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:flyspray:flyspray

Activity : Overall

Related : CVE

  Date Alert Description
5.4 2017-10-10 CVE-2017-15213

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.

5 2006-02-15 CVE-2006-0714

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.

4.3 2005-10-27 CVE-2005-3334

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
23171 Flyspray install-0.9.7.php adodbpath Parameter Remote File Inclusion
20326 Flyspray index.php Multiple Parameter XSS

OpenVAS Exploits

id Description
2008-09-04 Name : FreeBSD Ports: flyspray
File : nvt/freebsd_flyspray.nasl
2008-01-17 Name : Debian Security Advisory DSA 953-1 (flyspray)
File : nvt/deb_953_1.nasl

Nessus® Vulnerability Scanner

id Description
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-953.nasl - Type: ACT_GATHER_INFO
2006-05-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_f4b9543051d811da8e930010dc4afb40.nasl - Type: ACT_GATHER_INFO
2006-02-16 Name: The remote web server contains a PHP script that is affected by a remote file...
File: flyspray_adodbpath_file_include.nasl - Type: ACT_ATTACK