{"id":"CVE-2017-15213","details":"Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.","modified":"2026-04-11T12:05:19.530892Z","published":"2017-10-11T01:32:55.240Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:a:flyspray:flyspray:*:rc4:*:*:*:*:*:*","extracted_events":[{"last_affected":"1.0"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2017/10/07/1"},{"type":"FIX","url":"https://github.com/Flyspray/flyspray/commit/754ec5d04348ef7ecb8cb02ade976dc412b031f8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/flyspray/flyspray","events":[{"introduced":"0"},{"fixed":"7800ed1c37f06a1395ebb2937d7f45fbf13e5167"},{"fixed":"754ec5d04348ef7ecb8cb02ade976dc412b031f8"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.0-rc6"}]}}],"versions":["v1.0-beta","v1.0-rc","v1.0-rc2","v1.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15213.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}