FreeBSD : flyspray -- multiple vulnerabilities (9d3020e4-a2c4-11dd-a9f9-0030843d3802)

Medium Nessus Plugin ID 34498


The remote FreeBSD host is missing a security-related update.


The Flyspray Project reports:

Flyspray is affected by a cross-site scripting vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, which can be maliciously used to inject arbitrary code into the savesearch() JavaScript function.

There is an XSS problem in the history tab: the application fails to sanitize the 'details' parameter correctly, leading to the possibility of arbitrary code injection into the getHistory() JavaScript function.

Flyspray is affected by a cross-site scripting vulnerability due to missing escaping of SQL error messages. By including HTML code in a query and at the same time causing it to fail by submitting invalid data, an XSS hole can be exploited.

There is an XSS problem in the task history attached to comments, since the application fails to sanitize the old_value and new_value database fields for changed task summaries.

Input passed via the 'item_summary' parameter to 'index.php?do=details' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


Update the affected package.

Plugin Details

Severity: Medium

ID: 34498

File Name: freebsd_pkg_9d3020e4a2c411dda9f90030843d3802.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2008/10/27

Modified: 2016/12/08

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:flyspray, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/10/25

Vulnerability Publication Date: 2008/02/24

Reference Information

CVE: CVE-2007-6461, CVE-2008-1165, CVE-2008-1166

Secunia: 29215

CWE: 79, 200