4 matches found
Debian DSA-4191-1 : redmine - security update
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
UBUNTU-CVE-2017-15574
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment...
CVE-2017-15574
CVE-2017-15574 affects Redmine before 3.2.6 and 3.3.x before 3.3.3, enabling stored XSS via an SVG attachment. The vulnerability is evidenced in multiple sources: the NVD entry and CNVD/Nessus listings confirm the SVG-based XSS in Redmine’s attachment handling. Debian security advisories (DSA-419...
CVE-2017-15574
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment...