CVE-2011-1723
CVE-2011-1723: Redmine versions 1.0.1 through 1.1.1 are affected. A cross-site scripting (XSS) flaw in the view file app/views/layouts/base.rhtml allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter in a request to the path /projects/hg-helloworld/...