peterdd

2 exploits Active since Oct 2017
CVE-2017-15213 WRITEUP MEDIUM WRITEUP
Flyspray < 1.0 - Authenticated Stored Cross-Site Scripting via User Profile Fields
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
CVSS 5.4
CVE-2017-15214 WRITEUP MEDIUM WRITEUP
Flyspray 1.0-rc4 - Authenticated Stored Cross-Site Scripting via DokuWiki Changelinks Plugin Parameters
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
CVSS 5.4