|
255971
|
6.1 |
MEDIUM
Network
|
shaarli_project
|
shaarli
|
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (fo…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15215
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255972
|
5.4 |
MEDIUM
Network
|
flyspray
|
flyspray
|
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (incl…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15214
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255973
|
5.4 |
MEDIUM
Network
|
flyspray
|
flyspray
|
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/temp…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15213
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255974
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
|
CWE-200
Information Exposure
|
CVE-2017-15212
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255975
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2017-15211
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255976
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
|
CWE-200
Information Exposure
|
CVE-2017-15210
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255977
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2017-15209
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255978
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2017-15208
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255979
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2017-15207
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255980
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2017-15206
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
