Flyspray

Flyspray

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2017-15213

  • EPSS 0.29%
  • Veröffentlicht 11.10.2017 01:32:55
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.

5.4

CVE-2017-15214

  • EPSS 0.64%
  • Veröffentlicht 11.10.2017 01:32:55
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, ...

6

CVE-2012-1058

Exploit
  • EPSS 0.33%
  • Veröffentlicht 14.02.2012 00:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

4.3

CVE-2008-1165

  • EPSS 0.3%
  • Veröffentlicht 05.03.2008 23:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, r...

5

CVE-2008-1166

  • EPSS 0.28%
  • Veröffentlicht 05.03.2008 23:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

4.3

CVE-2007-6461

  • EPSS 0.29%
  • Veröffentlicht 20.12.2007 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript functio...

6.8

CVE-2007-1788

  • EPSS 0.14%
  • Veröffentlicht 31.03.2007 10:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.

6.8

CVE-2007-1789

  • EPSS 1.01%
  • Veröffentlicht 31.03.2007 10:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests.

5

CVE-2006-0714

Exploit
  • EPSS 10.68%
  • Veröffentlicht 15.02.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.

4.3

CVE-2005-3334

Exploit
  • EPSS 10.25%
  • Veröffentlicht 27.10.2005 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) so...