140 matches found
DEBIAN-CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...
CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
Design/Logic Flaw
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...
CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...
UBUNTU-CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
Cross site scripting
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
UBUNTU-CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...
CVE-2020-36307
CVE-2020-36307 affects Redmine before 4.0.7 and Redmine 4.1.x before 4.1.1, with a stored XSS flaw via textile inline links. Several connected sources corroborate the vulnerability as a stored cross‑site scripting issue in Redmine’s web UI. Debian LTS advisories cite a patched Redmine version (3....
CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
CVE-2019-25026
CVE-2019-25026 affects Redmine prior to 3.4.13 and 4.x prior to 4.0.6, where Textile formatting mishandles markup data. The connected advisories attribute a risk of cross-site scripting, information disclosure, and reading arbitrary files from the server. Mitigation per public advisories is to up...
CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...
CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...
Redmine 跨站脚本漏洞
Redmine is an open source, web-based project management and defect tracking tool. A stored cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via textile inline links to conduct cross-site scripting attacks...
PT-2021-4536 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.6 Redmine versions 4.1.0 through 4.1.0 Description: The issue is related to stored XSS via textile inline links, which can be exploited by a remote attacker to impact data integrity. The vulnerability is due...
Unauthorized Access Vulnerability in Tanaosoft Towel Textile ERP System
Jiangsu Hans Future Information Technology Co., Ltd, formerly known as "Huai'an Qixi Software Co., Ltd", was founded in 2009, is a technology-based enterprise mainly engaged in software development and sales. An unauthorized access vulnerability exists in the Tanaosoft Towel Textile ERP system. A...
SQL Injection Vulnerability in Tanaosoft Towel Textile ERP System
Ltd. was formerly known as "Huai'an Qixi Software Co., Ltd.", is a dual-soft certification, with independent computer software research and development capabilities, software development and sales-oriented technology-based enterprises. A SQL injection vulnerability exists in the Tanaosoft Towel...
textile-test.cn Cross Site Scripting vulnerability OBB-1495549
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
germantechnology-indonesiantextile.de Cross Site Scripting vulnerability OBB-1431601
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
textilesandstuff.co.uk Cross Site Scripting vulnerability OBB-1359194
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...