VYPR
Medium severity5.4OSV Advisory· Published Oct 11, 2017· Updated Jun 17, 2026

CVE-2017-15213

CVE-2017-15213

Description

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Flyspray/FlysprayOSV2 versions
    v1.0-beta, v1.0-rc, v1.0-rc2, …+ 1 more
    • (no CPE)range: v1.0-beta, v1.0-rc, v1.0-rc2, …
    • (no CPE)range: <1.0-rc6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.