CVE-2005-3334

medium

Description

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/22889

http://www.securityfocus.com/bid/15209

http://www.osvdb.org/20326

http://www.debian.org/security/2006/dsa-953

http://secunia.com/advisories/18606

http://secunia.com/advisories/17316

http://flyspray.rocks.cc/bts/task/703

Details

Source: Mitre, NVD

Published: 2005-10-27

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium