Lucene search
K

140 matches found

Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.1 views

PT-2022-6947 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.9 Redmine versions 5.0.x prior to 5.0.4 Description: The issue is related to the improper sanitization of the blockquote syntax in Textile-formatted fields, which can lead to a persistent XSS attack. This allows ...

6.4CVSS5.9AI score0.00402EPSS
Exploits0References12
Cvelist
Cvelist
added 2022/12/12 12:0 a.m.16 views

CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

6.1AI score0.00429EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.3 views

Redmine 跨站脚本漏洞

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides features such as project management, issue tracking and role-based access control. A cross-site scripting vulnerability exists in Redmine versions prior to 4.2.9 and 5.0.x through 5.0.4...

6.1CVSS5.8AI score0.00429EPSS
Exploits0References3
CVE
CVE
added 2022/12/12 12:0 a.m.64 views

CVE-2022-44637

CVE-2022-44637 affects Redmine before 4.2.9 and 5.0.x before 5.0.4, where persistent XSS can be triggered via the Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on configuration, exploitation may require login as a registered user. Root cause: insu...

6.1CVSS5.8AI score0.00429EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.2 views

PT-2022-6948 · Redcloth3 +1 · Redcloth3 +1

Name of the Vulnerable Software and Affected Versions: Redmine versions 4.2.9 and earlier, 5.0.x versions prior to 5.0.4 Description: The issue is related to improper sanitization in Redcloth3 Textile-formatted fields, allowing persistent XSS attacks. Depending on the configuration, exploitation...

10CVSS5.8AI score0.00429EPSS
Exploits0References12
Cvelist
Cvelist
added 2022/12/12 12:0 a.m.19 views

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

6.1AI score0.00402EPSS
Exploits0References1
CVE
CVE
added 2022/12/12 12:0 a.m.67 views

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS via Textile formatter due to improper sanitization of blockquote syntax in Textile-formatted fields. Affected versions should upgrade to at least Redmine 4.2.9 and 5.0.4. No exploit details are provided in the sources; note that th...

6.1CVSS5.9AI score0.00402EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.4 views

Redmine 跨站脚本漏洞

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides features such as project management, issue tracking and role-based access control. A cross-site scripting vulnerability exists in Redmine versions prior to 4.2.9 and 5.0.x through 5.0.4,...

6.1CVSS5.8AI score0.00402EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/12/12 12:0 a.m.22 views

CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

6.1CVSS6.4AI score0.00429EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/12/12 12:0 a.m.4 views

CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

6AI score0.00429EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2022/12/12 12:0 a.m.25 views

CVE-2022-44637

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...

6.1CVSS6AI score0.00429EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/12 12:0 a.m.28 views

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

6.1CVSS6AI score0.00402EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2022/12/12 12:0 a.m.24 views

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

6.1CVSS6.3AI score0.00402EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2022/04/19 11:41 p.m.12 views

es.tianjintextile.com Cross Site Scripting vulnerability OBB-2531505

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/09/26 7:6 p.m.16 views

fujie-textile.co.jp Cross Site Scripting vulnerability OBB-2150150

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Veracode
Veracode
added 2021/05/16 7:27 a.m.18 views

Cross-Site Scripting (XSS)

Redmine is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via textile inline links...

6.1CVSS4AI score0.00696EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2021/04/07 12:0 a.m.9 views

Redmine Cross-Site Scripting Vulnerability (CNVD-2021-27366)

Redmine is an open source, web-based project management and defect tracking tool. A stored cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via textile inline links to conduct cross-site scripting attacks...

6.1CVSS5.7AI score0.00696EPSS
Exploits0References1
OSV
OSV
added 2021/04/06 8:15 a.m.1 views

DEBIAN-CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...

6.1CVSS5.9AI score0.00696EPSS
Exploits0References1
NVD
NVD
added 2021/04/06 8:15 a.m.17 views

CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...

6.1CVSS0.00696EPSS
Exploits0References2
OSV
OSV
added 2021/04/06 8:15 a.m.19 views

CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...

5.3CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder