CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-1165

Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.8%

CVSS Severity

CVSS v2 Score 4.3

References

http://flyspray.org/fsa:3
http://secunia.com/advisories/29215
https://exchange.xforce.ibmcloud.com/vulnerabilities/40963
http://flyspray.org/fsa:3
http://secunia.com/advisories/29215
https://exchange.xforce.ibmcloud.com/vulnerabilities/40963

Products affected by CVE-2008-1165

Flyspray » Flyspray » Version: 0.9.9

cpe:2.3:a:flyspray:flyspray:0.9.9
Flyspray » Flyspray » Version: 0.9.9.1

cpe:2.3:a:flyspray:flyspray:0.9.9.1
Flyspray » Flyspray » Version: 0.9.9.2

cpe:2.3:a:flyspray:flyspray:0.9.9.2
Flyspray » Flyspray » Version: 0.9.9.3

cpe:2.3:a:flyspray:flyspray:0.9.9.3
Flyspray » Flyspray » Version: 0.9.9.4

cpe:2.3:a:flyspray:flyspray:0.9.9.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-1165

Products

Pricing

Contact Us