5 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-36306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the backurl field. CVE-2020-36306 Note that Nessus relies on the presence of the package as reported by...
PT-2021-7414 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.1.5 and earlier Redmine versions 4.2.x before 4.2.3 Description: The issue is related to an insufficient access filter, which may disclose the names of users on activity views. This allows a remote attacker to access...
CVE-2021-29274
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip...
CVE-2021-29274
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip...
CVE-2021-29274
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip...