cvedb.io
CVE-2017-15214
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2017-10-11T01:32:55.287 · Last modified 2026-06-17T01:07:23.497

Summary

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

Affected products

flyspray — flyspray

Does this affect you?

Add your gear to cvedb and we'll alert you only when flyspray ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.