FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

flyspray -- multiple vulnerabilities

Affected packages
flyspray < 0.9.9.5.1

Details

VuXML ID 9d3020e4-a2c4-11dd-a9f9-0030843d3802
Discovery 2008-02-24
Entry 2008-10-25

The Flyspray Project reports:

Flyspray is affected by a cross-site scripting vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, that can be maliciously used to inject arbitrary code into the savesearch() JavaScript function.

There is an XSS problem in the history tab: the application fails to sanitize the "details" parameter correctly, leading to the possibility of arbitrary code injection into the getHistory() JavaScript function.

Flyspray is affected by a cross-site scripting vulnerability due to missing escaping of SQL error messages. By including HTML code in a query and at the same time causing it to fail by submitting invalid data, an XSS hole can be exploited.

There is an XSS problem in the task history attached to comments, since the application fails to sanitize the old_value and new_value database fields for changed task summaries.

Input passed via the "item_summary" parameter to "index.php?do=details" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
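The savesearch() and getHistory() issues above share one pattern: request data written into a JavaScript string literal that sits inside HTML. The following is an added illustration, not part of the Flyspray report or of Flyspray's source; the markup, the function names render_vulnerable() and render_hardened(), and the sample inputs are assumptions constructed for the example (PHP 7.3 or later).

```php
<?php
// Added illustration; not Flyspray source. The markup and the names
// render_vulnerable()/render_hardened() are hypothetical.

// Vulnerable pattern: raw request data placed inside a JavaScript string
// literal that itself sits inside an HTML attribute.
function render_vulnerable(string $query): string
{
    return '<a href="#" onclick="savesearch(\'' . $query . '\')">Save search</a>';
}

// Hardened: encode for each nested context, innermost first.
// 1. json_encode() yields a quoted JS string literal; the JSON_HEX_* flags
//    turn <, >, &, ' and " inside the value into \uXXXX escapes.
// 2. htmlspecialchars() then encodes the whole call for the HTML attribute.
function render_hardened(string $query): string
{
    $js = json_encode(
        $query,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_THROW_ON_ERROR // invalid UTF-8 raises JsonException
    );
    $attr = htmlspecialchars(
        'savesearch(' . $js . ')',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<a href="#" onclick="' . $attr . '">Save search</a>';
}

// Constructed sample inputs standing in for $_SERVER['QUERY_STRING'].
$samples = [
    'do=index&string=bug',                 // ordinary search
    "string=');alert(1);//",               // closes the JS string literal
    'string="><script>alert(1)</script>',  // closes the HTML attribute
];

foreach ($samples as $q) {
    echo "input:      $q\n";
    echo "vulnerable: " . render_vulnerable($q) . "\n";
    echo "hardened:   " . render_hardened($q) . "\n\n";
}
```

For the HTML-body cases in the report (SQL error messages, old_value and new_value), htmlspecialchars() with ENT_QUOTES on its own is the matching encoder, since no JavaScript context is involved.
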

References

CVE Name CVE-2007-6461
CVE Name CVE-2008-1165
CVE Name CVE-2008-1166
URL http://secunia.com/advisories/29215