oss-sec mailing list archives
Re: Stored XSS vulnerabilities in Flyspray
From: chbi () chbi eu
Date: Tue, 10 Oct 2017 19:53:18 +0200
A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges. Fix: https://github.com/Flyspray/flyspray/commit/754ec5d04348ef7ecb8cb02ade976dc412b031f8
CVE-2017-15213 has been assigned. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15213
A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users). Fix: https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc
CVE-2017-15214 has been assigned. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15214
--
chbi
https://chbi.eu
GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E
https://chbi.eu/chbi.asc
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Stored XSS vulnerabilities in Flyspray chbi (Oct 07)
- Re: Stored XSS vulnerabilities in Flyspray chbi (Oct 10)