Описание
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
Ссылки
- Mailing ListPatchThird Party AdvisoryVDB Entry
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Mailing ListPatchThird Party AdvisoryVDB Entry
- PatchThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:flyspray:flyspray:1.0:rc4:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00638
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
EPSS
Процентиль: 70%
0.00638
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79