FreeBSD : flyspray -- multiple vulnerabilities (9d3020e4-a2c4-11dd-a9f9-0030843d3802)

medium Nessus Plugin ID 34498

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Flyspray Project reports:

Flyspray is affected by a cross-site scripting vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, which can be maliciously used to inject arbitrary code into the savesearch() JavaScript function.

There is an XSS problem in the history tab: the application fails to sanitize the 'details' parameter correctly, leading to the possibility of arbitrary code injection into the getHistory() JavaScript function.

Flyspray is affected by a cross-site scripting vulnerability due to missing escaping of SQL error messages. By including HTML code in a query and at the same time causing it to fail by submitting invalid data, an XSS hole can be exploited.

There is an XSS problem in the task history attached to comments, since the application fails to sanitize the old_value and new_value database fields for changed task summaries.

Input passed via the 'item_summary' parameter to 'index.php?do=details' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?b1d98d10

Plugin Details

Severity: Medium

ID: 34498

File Name: freebsd_pkg_9d3020e4a2c411dda9f90030843d3802.nasl

Version: 1.18

Type: local

Published: 10/27/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:flyspray, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/25/2008

Vulnerability Publication Date: 2/24/2008

Reference Information

CVE: CVE-2007-6461, CVE-2008-1165, CVE-2008-1166

CWE: 200, 79

Secunia: 29215