140 matches found
CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting...
GHSA-95M2-CHM4-MQ7M PHP-Textile has persistent XSS vulnerability in image link handling
Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input such as user comments to be parsed and handled safely by the...
PHP-Textile has persistent XSS vulnerability in image link handling
Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input such as user comments to be parsed and handled safely by the...
The vulnerability of the Textile web application component for Redmine project and task management, which allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Textile component in the Redmine project and task management web application exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
BIT-REDMINE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
BIT-REDMINE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
BIT-REDMINE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
BIT-REDMINE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
RedCloth: ReDoS Vulnerability
Background RedCloth is a module for using Textile in Ruby Description A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details. Impact RedCloth is vulnerable to a regular expression denial of service "ReDoS" attack via the sanitizehtml functio...
DEBIAN-CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
Cross site scripting
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
UBUNTU-CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
CVE-2023-47259
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...
Redmine Security Vulnerabilities
Redmine is a set of open source Web-based project management and defect tracking tools . The product provides features such as project management, issue tracking and role-based access control. A security vulnerability exists in Redmine versions prior to 4.2.11 and 5.0.x prior to 5.0.6, which stem...
CVE-2023-47259
CVE-2023-47259 affects Redmine prior to 4.2.11 and 5.0.x prior to 5.0.6, where the Textile formatter permits cross-site scripting (XSS). The root cause is improper handling within the Textile formatter, enabling an attacker to execute script in a user’s browser. The vulnerability is documented ac...
PT-2023-9190 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.11 Redmine versions 5.0.x prior to 5.0.6 Description: The issue is related to a lack of protection in the structure of web pages, allowing for cross-site scripting XSS attacks in the Textile formatter. This could...