CVE-2008-1165 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00296.

Key SSVC decision points have not yet been added.

Vendors	Products
Flyspray Subscribe	Flyspray Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:flyspray:flyspray:0.9.9:::::::*
	cpe:2.3:a:flyspray:flyspray:0.9.9.1:::::::*
	cpe:2.3:a:flyspray:flyspray:0.9.9.2:::::::*
	cpe:2.3:a:flyspray:flyspray:0.9.9.3:::::::*
	cpe:2.3:a:flyspray:flyspray:0.9.9.4:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-1174	Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://flyspray.org/fsa:3
http://secunia.com/advisories/29215
https://exchange.xforce.ibmcloud.com/vulnerabilities/40963

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-05T23:00:00

Updated: 2024-08-07T08:08:57.677Z

Reserved: 2008-03-05T00:00:00

Link: CVE-2008-1165

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-03-05T23:44:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1165

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://flyspray.org/fsa:3"}, {"name": "29215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29215"}, {"name": "flyspray-itemsummary-xss(40963)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2008-1165", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://flyspray.org/fsa:3", "refsource": "CONFIRM", "url": "http://flyspray.org/fsa:3"}, {"name": "29215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29215"}, {"name": "flyspray-itemsummary-xss(40963)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.677Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://flyspray.org/fsa:3"}, {"name": "29215", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29215"}, {"name": "flyspray-itemsummary-xss(40963)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1165", "datePublished": "2008-03-05T23:00:00", "dateReserved": "2008-03-05T00:00:00", "dateUpdated": "2024-08-07T08:08:57.677Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flyspray:flyspray:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A3B6A62-B941-49CC-820B-2E8AF21438EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:flyspray:flyspray:0.9.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "467BEC81-7F89-40DD-8194-45C1978A43DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:flyspray:flyspray:0.9.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "3593A1D6-B4EE-40A3-A807-3BE34290C4F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:flyspray:flyspray:0.9.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "04ABFF20-F663-416B-B3C3-00B12F6FDE99", "vulnerable": true}, {"criteria": "cpe:2.3:a:flyspray:flyspray:0.9.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "8BFF89F6-911C-46CD-BD2E-D1498A0C8E8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Flyspray de 0.9.9 a 0.9.9.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de 1) un mensaje forzado de error SQL o (2) los campos old_value y new_value database en task summaries, relacionados con el par\u00e1metro item_summary en una acci\u00f3n details en index.php. NOTA: algunos de estos detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."}], "id": "CVE-2008-1165", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-03-05T23:44:00.000", "references": [{"source": "[email protected]", "url": "http://flyspray.org/fsa:3"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29215"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://flyspray.org/fsa:3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}