|
|
Info |
Last Modified |
| 2 months ago |
|
|
|
|
|
This Entry needs help! It is only 45% Complete. Click the edit link above to add more information.
Contributing is fast and easy, and benefits the entire security community.
|
|
Description |
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Solution:
Upgrade
Exploit:
Exploit Available
Disclosure:
Vendor Verified
OSVDB:
Web Related
|
|
Solution |
Upgrade to version 0.9.9.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
Unknown or Incomplete
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
