vulnerability
Arch Linux: Cross-site scripting (CVE-2017-15214)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Oct 10, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Oct 10, 2017
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter of dokuwiki links in plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
Solution
arch-linux-upgrade-latest
References
- CVE-2017-15214
- https://attackerkb.com/topics/CVE-2017-15214
- URL-http://openwall.com/lists/oss-security/2017/10/07/1
- URL-http://www.openwall.com/lists/oss-security/2017/10/10/6
- URL-https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc
- URL-https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6
- URL-https://security.archlinux.org/ASA-201710-13
- CWE-79
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.