CVE-2008-1165

Name of the Vulnerable Software and Affected Versions Flyspray versions 0.9.9 through 0.9.9.4

Description The issue allows remote attackers to inject arbitrary web script or HTML, related to the item summary parameter in a details action in "index.php". This can be achieved via a forced SQL error message or old value and new value database fields in task summaries.

Recommendations For Flyspray versions 0.9.9 through 0.9.9.4, consider restricting access to the details action in index.php to minimize the risk of exploitation. As a temporary workaround, avoid using the item summary parameter in the affected API endpoint until the issue is resolved.