Lucene search
HistoryOct 27, 2005 - 10:02 a.m.
CVE-2005-3334
cve-2005-3334
xss
vulnerability
flyspray
index.php
web script
html
remote attackers
phpsessid
task
string
type
serv
due
dev
sort2 parameters
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.1%
Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.
Affected configurations
Node
flysprayflysprayMatch0.9.7
ORflysprayflysprayMatch0.9.8
ORflysprayflysprayMatch0.9.8dev
| CPE | Name | Operator | Version |
|---|---|---|---|
| flyspray:flyspray | flyspray | eq | 0.9.7 |
| flyspray:flyspray | flyspray | eq | 0.9.8 |
References
Related
ubuntucve
ubuntucve
CVE-2005-3334
2005-10-27 00:00:00
securityvulns
securityvulns
openvas
openvas
FreeBSD Ports: flyspray
2008-09-04 00:00:00
Debian: Security Advisory (DSA-953-1)
2008-01-17 00:00:00
FreeBSD Ports: flyspray
2008-09-04 00:00:00
cvelist
cvelist
CVE-2005-3334
2005-10-27 04:00:00
nvd
nvd
CVE-2005-3334
2005-10-27 10:02:00
debian
debian
[SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting
2006-01-24 16:33:40
[SECURITY] [DSA 953-1] New flyspray packages fix cross-site scripting
2006-01-24 16:33:40
osv
osv
flyspray - missing input sanitising
2006-01-24 00:00:00
nessus
nessus
Debian DSA-953-1 : flyspray - missing input sanitising
2006-10-14 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.1%
Related for CVE-2005-3334