2 matches found
Debian DSA-4191-1 : redmine - security update
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
CVE-2017-15571
CVE-2017-15571 affects Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3. The vulnerability is a cross-site scripting (XSS) flaw in app/views/issues/_list.html.erb caused by crafted column data, enabling injection of HTML/script in affected deployments. Connected sources conf...