flyspray -- multiple vulnerabilities
The Flyspray Project reports:
Flyspray is affected by a Cross Site scripting Vulnerability
due to an error escaping PHP's $_SERVER['QUERY_STRING']
superglobal, that can be maliciously used to inject
arbitrary code into the savesearch() javascript function.

There is an XSS problem in the history tab, the application
fails to sanitize the "details" parameter correctly, leading
to the possibility of arbitrary code injection into the
getHistory() javascript function.

Flyspray is affected by a Cross Site scripting Vulnerability
due to missing escaping of SQL error messages. By including HTML
code in a query and at the same time causing it to fail by
submitting invalid data, an XSS hole can be exploited.

There is an XSS problem in the task history attached to
comments, since the application fails to sanitize the
old_value and new_value database fields for changed task
summaries.

Input passed via the "item_summary" parameter to
"index.php?do=details" is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in context of
an affected site.
Discovery 2008-02-24
Entry 2008-10-25
flyspray < 0.9.9.5.1
CVE-2007-6461
CVE-2008-1165
CVE-2008-1166
http://secunia.com/advisories/29215
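
The first and third items above come down to output encoding for the context the value lands in: a JavaScript call inside an HTML attribute, and an HTML page body. The following is an added example, not Flyspray's code or its fix; the function names, the markup and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration: all function names and markup here are hypothetical.

// Encode an untrusted value as a JavaScript string literal that sits inside
// an HTML attribute. Two nested contexts need two encoders, applied in order.
function js_arg_in_attr(string $value): string
{
    // 1. JavaScript context: json_encode() returns a quoted string literal;
    //    the JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes.
    $js = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
    // 2. HTML attribute context: encode the literal's own quotes for the attribute.
    return htmlspecialchars($js, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unescaped pattern of the kind the first item describes (kept for comparison).
function render_save_link_unsafe(string $queryString): string
{
    return '<a href="#" onclick="savesearch(\'' . $queryString . '\')">Save</a>';
}

// Same link with the value encoded for both contexts.
function render_save_link(string $queryString): string
{
    return '<a href="#" onclick="savesearch(' . js_arg_in_attr($queryString) . ')">Save</a>';
}

// Database error text is data: encode it for the HTML body before display.
function render_sql_error(string $dbMessage): string
{
    return '<pre class="error">'
        . htmlspecialchars($dbMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</pre>';
}

// Constructed sample values standing in for $_SERVER['QUERY_STRING'] and a
// database error message; neither is taken from the advisory.
$sampleQuery = "do=index&string=it's <b>bold</b>";
$sampleError = 'Unknown column "<b>x</b>" in field list';

echo render_save_link_unsafe($sampleQuery), "\n"; // quote ends the JS string early
echo render_save_link($sampleQuery), "\n";        // value stays inside the literal
echo render_sql_error($sampleError), "\n";        // markup shown as text
```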