CVE Tools

flyspray

Enterprise Softwareoss-project

10

Cumulative CVEs

7

Monthly snapshots

#58

Peak rank

Top products

Latest CVEs

The 10 most recently published vulnerabilities affecting flyspray.

CVE-2017-15214Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (in...5.4Oct 10, 2017
CVE-2017-15213Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/te...5.4Oct 10, 2017
CVE-2012-1058Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action t...6.0Feb 14, 2012
CVE-2008-1166Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.5.0Mar 5, 2008
CVE-2008-1165Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_val...4.3Mar 5, 2008
CVE-2007-6461Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index...4.3Dec 20, 2007
CVE-2007-1789Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests.6.8Mar 31, 2007
CVE-2007-1788Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.6.8Mar 31, 2007
CVE-2006-0714Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath ...5.0Feb 15, 2006
CVE-2005-3334Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) str...4.3Oct 27, 2005