Detections
Analytics
FreeBSD : flyspray -- XSS vulnerabilities (f4b95430-51d8-11da-8e93-0010dc4afb40)
medium Nessus Plugin ID 21537
Synopsis
The remote FreeBSD host is missing a security-related update.Description
A Secunia Advisory reports :Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks.
Some input isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Solution
Update the affected package.See Also
Plugin Details
Severity: Medium
ID: 21537
File Name: freebsd_pkg_f4b9543051d811da8e930010dc4afb40.nasl
Version: 1.23
Type: local
Family: FreeBSD Local Security Checks
Published: 5/13/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:flyspray, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: No exploit is required
Patch Publication Date: 11/10/2005
Vulnerability Publication Date: 10/26/2005
Reference Information
CVE: CVE-2005-3334
BID: 15209
Secunia: 17316