{"id":"CVE-2017-15213","details":"Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.","modified":"2026-03-14T09:24:36.736390Z","published":"2017-10-11T01:32:55.240Z","references":[{"type":"ADVISORY","url":"https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2017/10/07/1"},{"type":"FIX","url":"https://github.com/Flyspray/flyspray/commit/754ec5d04348ef7ecb8cb02ade976dc412b031f8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/flyspray/flyspray","events":[{"introduced":"0"},{"fixed":"7800ed1c37f06a1395ebb2937d7f45fbf13e5167"},{"fixed":"754ec5d04348ef7ecb8cb02ade976dc412b031f8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.0-rc6"}]}}],"versions":["v1.0-beta","v1.0-rc","v1.0-rc2","v1.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15213.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}