JVN#01245481 Redmine vulnerable to cross-site scripting

2009-11-19T00:00:00
ID JVN:01245481
Type jvn
Reporter Japan Vulnerability Notes
Modified 2009-11-19T00:00:00

Description

## Description

Redmine is a project management software. Redmine contains a cross-site scripting vulnerability.

## Impact

An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Redmine 0.8.5 and earlier