CVE-2023-47259

CVE-2023-47259 affects Redmine prior to 4.2.11 and 5.0.x prior to 5.0.6, where the Textile formatter permits cross-site scripting (XSS). The root cause is improper handling within the Textile formatter, enabling an attacker to execute script in a user’s browser. The vulnerability is documented ac...

Regular Expression Denial of Service (ReDoS)

Overview RedCloth is a Textile parser for Ruby. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the sanitizehtml function. Exploiting this vulnerability is possible by supplying a crafted payload. Details Denial of Service DoS describes a family o...

RedCloth 安全漏洞

RedCloth is a Ruby library from Jason Garber's personal developer. It is used to convert Textile to HTML. A security vulnerability exists in RedCloth v4.0.0, which stems from a Regular Expression Denial of Service ReDoS issue found in the sanitizehtml function, which can be exploited by an attack...

textilesilitex.com Cross Site Scripting vulnerability OBB-3243458

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cross-site Scripting (XSS)

redmine is vulnerable to Cross-site Scripting XSS attacks. The library contains persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

Cross-Site Scripting (XSS)

redmine is vulnerable to Cross-Site Scripting XSS attacks. The library allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields, allowing an attacker to inject and execute malicious javascript on victim's browser...

SUSE CVE-2016-10515

In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages...

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability CWE-79 caused by improper Textile processing. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

JVN#60211811: Redmine vulnerable to cross-site scripting

Redmine contains a cross-site scripting vulnerability CWE-79 caused by improper Textile processing. Impact An arbitrary script may be executed on the web browser of the user using the product. Solution Update the Software Update the software to the latest version according to the information...

DEBIAN-CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

DEBIAN-CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

Cross site scripting

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

Design/Logic Flaw

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

UBUNTU-CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

UBUNTU-CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...