{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T17:53:18.046","vulnerabilities":[{"cve":{"id":"CVE-2017-15214","sourceIdentifier":"cve@mitre.org","published":"2017-10-11T01:32:55.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php."},{"lang":"es","value":"Cross-Site Scripting (XSS) persistente en Flyspray en versiones anteriores a 1.0-rc6 permite que un usuario autenticado inyecte JavaScript para obtener privilegios de administrador y también ejecute JavaScript contra otros usuarios (incluyendo a los que no se hayan autenticado) mediante los parámetros name, title o id en plugins/dokuwiki/lib/plugins/changelinks/syntax.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flyspray:flyspray:1.0:rc4:*:*:*:*:*:*","matchCriteriaId":"26A4FBFF-F162-49A9-9373-6DE517B6264E"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/10/07/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/10/07/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}