CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

RedhatCVE•added 2025/05/22 3:34 p.m.•6 views

CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the backurl field...

6.1CVSS5.8AI score0.00339EPSS

Exploits0

OSV•added 2021/04/06 8:15 a.m.•1 views

DEBIAN-CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the backurl field...

6.1CVSS5.9AI score0.00339EPSS

Exploits0References1

NVD•added 2021/04/06 8:15 a.m.•12 views

CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the backurl field...

6.1CVSS0.00339EPSS

Exploits0References2

CVE•added 2021/04/06 7:59 a.m.•67 views

CVE-2020-36306

CVE-2020-36306 affects Redmine up to 4.0.7 and 4.1.x up to 4.1.1, where the back_url field enables Cross-Site Scripting (XSS). Root cause: inadequate sanitization of back_url in these versions. Impact: XSS via user-supplied data in the back_url parameter; exposure depends on context. Mitigation: ...

6.1CVSS6AI score0.00339EPSS

Exploits0References2Affected Software1