CVE-2008-1165 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.

Reference

http://flyspray.org/fsa:3 http://secunia.com/advisories/29215 https://exchange.xforce.ibmcloud.com/vulnerabilities/40963