FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-11 14:10:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9d3020e4-a2c4-11dd-a9f9-0030843d3802flyspray -- multiple vulnerabilities

The Flyspray Project reports:

Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, that can be maliciously used to inject arbitrary code into the savesearch() javascript function.

There is an XSS problem in the history tab, the application fails to sanitize the "details" parameter correctly, leading to the possibility of arbitrary code injection into the getHistory() javascript function.

Flyspray is affected by a Cross Site scripting Vulnerability due missing escaping of SQL error messages. By including HTML code in a query and at the same time causing it to fail by submitting invalid data, an XSS hole can be exploited.

There is an XSS problem in the task history attached to comments, since the application fails to sanitize the old_value and new_value database fields for changed task summaries.

Input passed via the "item_summary" parameter to "index.php?do=details" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2008-02-24
Entry 2008-10-25
flyspray
< 0.9.9.5.1

CVE-2007-6461
CVE-2008-1165
CVE-2008-1166
http://secunia.com/advisories/29215