140 matches found
DEBIAN-CVE-2016-10515
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages...
CVE-2016-10515
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages...
CVE-2016-10515
CVE-2016-10515 affects Redmine prior to 3.2.3, with stored XSS in Textile and Markdown text formatting and project homepages. The root cause is stored cross-site scripting in user-supplied formatting that can be persisted in pages rendered by Redmine. Affected software is Redmine (versions before...
CVE-2016-10515
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages...
CVE-2016-10515
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages...
knoll.com XSS vulnerability
Vulnerable URL: https://www.knoll.com/textile-search-results?authkey==UPHOLSTERY=priceHigh=xss%22%3E%3Csvg/onload=prompt%27openbugbounty%27%3E=1347382634020=1353009381576===search Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.01.2018 Vulnerability type:| XSS...
gamme-select.fr XSS vulnerability
Vulnerable URL: http://www.gamme-select.fr/textile/eponge-88.html?limit=16=listing=3 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3136948 VIP website status:| No Check...
GitLab: [Textile] XSS in project README files
Hi, Another parser bypass here – I discovered that Textile markup can be used to inject a stored JavaScript payload into a project README.textile file : Steps to Reproduce 1. Create a new GitLab project 2. Initialise the project by creating a README file 3. Set the file title to README.textile 4...
Debian DLA-167-1 : redcloth security update
Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML. NOTE: Tenable Network Securi...
DLA-167-1 redcloth - security update
Bulletin has no description...
[SECURITY] [DSA 3168-1] ruby-redcloth security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3168-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 22, 2015 http://www.debian.org/security/faq -...
Textile Link Parsing XSS
RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting XSS attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute...
CVE-2011-4928
Cross-site scripting XSS vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-4928
Cross-site scripting XSS vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2011-4928
Cross-site scripting XSS vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-4928
Cross-site scripting XSS vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-4928
The CVE-2011-4928 entry is for an XSS vulnerability in Redmine’s textile formatter prior to version 1.0.5, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The provided documents confirm the affected component and the general impact, but do not include con...
CVE-2011-4928
Cross-site scripting XSS vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
[SECURITY] [DSA 2261-1] redmine security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2261-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 15, 2011 http://www.debian.org/security/faq -...
redmine -- multiple vulnerabilities
Jean-Philippe Lang reports: This release also fixes 3 security issues reported by joernchen of Phenoelit: logged in users may be able to access private data affected versions: 1.0.x persistent XSS vulnerability in textile formatter affected versions: all previous releases remote command execution...