4 matches found
SUSE CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...
Debian DSA-4191-1 : redmine - security update
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
[SECURITY] [DSA 4191-1] redmine security update
Debian Security Advisory DSA-4191-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 03, 2018 https://www.debian.org/security/faq ...
CVE-2017-15570
CVE-2017-15570 affects Redmine versions with known XSS in the Timelog view: 3.2.8 and earlier, 3.3.x before 3.3.5, and 3.4.x before 3.4.3. The vulnerability arises from crafted data in app/views/timelog/_list.html.erb, enabling cross-site scripting. Impact is cross-site scripting; the description...