CVE-2017-15214 in Flysprayinfo

Summary

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

10/10/2017

Disclosure

10/10/2017

Moderation

VulDB entry created

Entries

VDB-107671 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.4

EPSS

0.00638

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-15214
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-15214
CVE Details	https://www.cvedetails.com/cve/CVE-2017-15214/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!