CVE-2017-15569

2017-10-1802:29:00

Google

osv.dev

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

JSON

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.

References

github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508

www.debian.org/security/2018/dsa-4191

www.redmine.org/issues/27186

www.redmine.org/projects/redmine/wiki/Security_Advisories