CVE-2017-15568

2017-10-18T02:29:00
ID CVE-2017-15568
Type cve
Reporter cve@mitre.org
Modified 2019-03-14T15:00:00

Description

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.