5 matches found
CVE-2012-0327
Cross-site scripting XSS vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-0327
Cross-site scripting XSS vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Security feature bypass
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...
CVE-2012-0327
The supplied connected documents confirm a vulnerability in Redmine before 1.3.2 described as a Cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML via unspecified vectors. Affected software: Redmine prior to version 1.3.2. Root cause: XSS vulnerability ...
CVE-2012-0327
Cross-site scripting XSS vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...