Inflectra: Security Vulnerabilities
Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-03-20
Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.
CVSS Score
9.8
EPSS Score
0.022
Published
2025-03-20