30 matches found
DEBIAN-CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
UBUNTU-CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
Redmine 跨站脚本漏洞
Redmine is a set of open source Web-based project management and defect tracking tools . The product provides features such as project management, issue tracking and role-based access control. A cross-site scripting vulnerability exists in Redmine versions prior to 4.2.9 and 5.0.x through 5.0.4,...
PT-2022-6947 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.9 Redmine versions 5.0.x prior to 5.0.4 Description: The issue is related to the improper sanitization of the blockquote syntax in Textile-formatted fields, which can lead to a persistent XSS attack. This allows ...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
CVE-2021-43843
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...
Design/Logic Flaw
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...
CVE-2021-43838
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service ReDoS attack. If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...
PT-2021-23973 · Jsx-Slack · Jsx-Slack
Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier Description: The issue is related to a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements into the tag with including multibyte characters, an internal regular...
PT-2021-23969 · Jsx-Slack · Jsx-Slack
Name of the Vulnerable Software and Affected Versions: jsx-slack versions prior to 4.5.1 Description: The issue concerns a regular expression denial-of-service ReDoS attack. If an attacker can put a lot of JSX elements into the tag, an internal regular expression for escaping characters may consu...