CVE-2005-3334 Information

Description

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID (2) task (3) string (4) type (5) serv (6) due (7) dev and (8) sort2 parameters.

Reference

http://flyspray.rocks.cc/bts/task/703 http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-variable.html http://secunia.com/advisories/17316 http://secunia.com/advisories/18606 http://www.debian.org/security/2006/dsa-953 http://www.osvdb.org/20326 http://www.securityfocus.com/bid/15209 https://exchange.xforce.ibmcloud.com/vulnerabilities/22889