Stored XSS Vulnerability in Flyspray 1.0-rc4: Remote Code Execution and Privilege Escalation

Stored XSS Vulnerability in Flyspray 1.0-rc4: Remote Code Execution and Privilege Escalation

CVE-2017-15214 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

Learn more about our User Device Pen Test.