icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Flyspray Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running FlySpray, a bug-reporting web application. This version of Flyspray is vulnerable to a remote cross-site scripting (XSS) attack. An attacker exploiting this flaw would typically need to convince a user to browse to a malicious URI. Success exploitation would result in the theft of confidential materials (such as authentication cookies). In addition, the remote host is vulnerable to a remote file inclusion flaw. A remote attacker can supply PHP code and then trick the FlySpray server into executing the code.

Solution

Upgrade or patch according to vendor recommendations.