CVE-2007-6461 — MEDIUM (4.3)

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Flyspray	Flyspray	0.9.9

Related Weaknesses (CWE)

CWE-79

References

http://flyspray.org/fsa:2
http://osvdb.org/39256
http://osvdb.org/39257
http://secunia.com/advisories/28106Vendor Advisory
http://flyspray.org/fsa:2
http://osvdb.org/39256
http://osvdb.org/39257
http://secunia.com/advisories/28106Vendor Advisory

FAQ

What is CVE-2007-6461?

CVE-2007-6461 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index ac...

How severe is CVE-2007-6461?

CVE-2007-6461 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-6461?

Check the references section above for vendor advisories and patch information. Affected products include: Flyspray Flyspray.