Flyspray: >> Flyspray >> 0.9.7 Security Vulnerabilities
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
CVSS Score
5.0
EPSS Score
0.098
Published
2006-02-15
Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.
CVSS Score
4.3
EPSS Score
0.102
Published
2005-10-27