Flyspray Security Announcement 2
Flyspray Cross Site Scripting Vulnerabilities (2007-12-09)
- Release Date
- Last Modified
- Cristian Rodriguez
- Flyspray 0.9.9 - 0.9.9.3
- Vendor Status: The Flyspray project has released an updated version
- Discovered by: KAWASHIMA Takahiro
- 18 November 2007 - KAWASHIMA Takahiro disclosed the vulnerability at email@example.com
- 19 November 2007 - Possible solution discussed privately
- 19 November 2007 - Fix committed to the SVN repository
- 09 December 2007 - Public disclosure
While Flyspray escapes all output variables by default in order to prevent this type of vulnerability, some context-dependent problems, caused by the use of an incorrect escaping strategy, have been found.
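As an added illustration of why one default escaping routine is not enough in every output context (this is not Flyspray's code, and the page does not show the affected templates), the PHP below encodes the same request-derived value for HTML text, a link attribute and a script block. The helper names `esc_html`, `esc_js` and `safe_query`, the allow-listed parameter names and the sample query string are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added illustration, not Flyspray code. All names and inputs here are constructed.

/** Encode for HTML text and for quoted attribute values (both quote styles). */
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode for a <script> block: emit a complete JavaScript string literal. */
function esc_js(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($s, $flags | JSON_THROW_ON_ERROR);
}

/** Rebuild a query string from parsed, allow-listed parameters
 *  instead of echoing the raw request value back into a URL. */
function safe_query(string $raw, array $allowed): string
{
    parse_str($raw, $params);
    $kept = array_intersect_key($params, array_flip($allowed));
    return http_build_query($kept, '', '&', PHP_QUERY_RFC3986);
}

// Constructed input standing in for $_SERVER['QUERY_STRING'].
$raw = "do=index&string=it's \"quoted\"&x=</script>";

// Weak: ENT_COMPAT does not encode the single quote, so a value written
// into a single-quoted attribute is not confined to that attribute.
$weak = htmlspecialchars($raw, ENT_COMPAT, 'UTF-8');
echo "<a href='?{$weak}'>weak link</a>\n";

// Hardened: pick the encoder that matches the output context.
$qs = safe_query($raw, ['do', 'string']);          // URL context: re-encode known params
echo '<a href="?' . esc_html($qs) . '">hardened link</a>', "\n";
echo '<p>Search: ' . esc_html($raw) . '</p>', "\n"; // HTML text context
echo '<script>var lastQuery = ' . esc_js($raw) . ';</script>', "\n"; // script context
```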
Problem with $_SERVER['QUERY_STRING']
Problem in the "History" tab
Proof of concept
These vulnerabilities can only be exploited by authenticated users using the following examples
and then clicking the "OK" button in the "save search as" dialog.
"History" tab problem
and then clicking in the history tab.
We strongly recommend upgrading to the new version.