140 matches found
PT-2022-6947 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.9 Redmine versions 5.0.x prior to 5.0.4 Description: The issue is related to the improper sanitization of the blockquote syntax in Textile-formatted fields, which can lead to a persistent XSS attack. This allows ...
CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
Redmine 跨站脚本漏洞
Redmine is a set of open source Web-based project management and defect tracking tools . The product provides features such as project management, issue tracking and role-based access control. A cross-site scripting vulnerability exists in Redmine versions prior to 4.2.9 and 5.0.x through 5.0.4...
CVE-2022-44637
CVE-2022-44637 affects Redmine before 4.2.9 and 5.0.x before 5.0.4, where persistent XSS can be triggered via the Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on configuration, exploitation may require login as a registered user. Root cause: insu...
PT-2022-6948 · Redcloth3 +1 · Redcloth3 +1
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.2.9 and earlier, 5.0.x versions prior to 5.0.4 Description: The issue is related to improper sanitization in Redcloth3 Textile-formatted fields, allowing persistent XSS attacks. Depending on the configuration, exploitation...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS via Textile formatter due to improper sanitization of blockquote syntax in Textile-formatted fields. Affected versions should upgrade to at least Redmine 4.2.9 and 5.0.4. No exploit details are provided in the sources; note that th...
Redmine 跨站脚本漏洞
Redmine is a set of open source Web-based project management and defect tracking tools . The product provides features such as project management, issue tracking and role-based access control. A cross-site scripting vulnerability exists in Redmine versions prior to 4.2.9 and 5.0.x through 5.0.4,...
CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
es.tianjintextile.com Cross Site Scripting vulnerability OBB-2531505
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fujie-textile.co.jp Cross Site Scripting vulnerability OBB-2150150
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Cross-Site Scripting (XSS)
Redmine is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via textile inline links...
Redmine Cross-Site Scripting Vulnerability (CNVD-2021-27366)
Redmine is an open source, web-based project management and defect tracking tool. A stored cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via textile inline links to conduct cross-site scripting attacks...
DEBIAN-CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...