Redmine <= 0.8.7 UTF-7 XSS Vulnerability

ID SSV:18612
Type seebug
Reporter Root
Modified 2009-12-19T00:00:00


Discovered by: p0deje (
SA: -
Date: 01.12.2009
Versions affected: <= 0.8.7
Vulnerability: Cross-site Scripting
Platform: Ruby (Ruby On Rails)
Description: Redmine does not properly declare the page character encoding: it places <title> before <meta>. It may therefore be possible to create a page whose title contains JavaScript encoded as UTF-7, which will be executed in Internet Explorer 7/8 when Auto-Select encoding is on.

1. Create a new issue with the title "+ADw-script+AD4-alert('XSS');+ADw-/script+AD4-" (without quotes)
2. Open it in Internet Explorer 7/8
3. Set Encoding options to Auto-Select

The JavaScript alert will be executed.
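
A check for the condition described above, written as an added example (it is not Redmine code, and the function name, finding names and sample pages are constructed for illustration). It goes slightly beyond the advisory by also treating a charset in the HTTP Content-Type header as a declaration made before the title is parsed.

```ruby
# Added example, not Redmine code: audit a rendered page for the condition
# this advisory describes. Function names and sample pages are constructed.

# "<" and ">" in UTF-7 are "+ADw-" and "+AD4-" (base64 of UTF-16BE 003C/003E).
UTF7_ANGLE = /\+AD[w4]/

# Returns an array of symbols describing what is wrong with the page.
# content_type: HTTP Content-Type header value (String or nil); html: body.
def audit_charset(content_type, html)
  findings = []
  header_charset = content_type.to_s[/charset\s*=\s*"?([\w-]+)/i, 1]
  meta_pos  = html =~ /<meta\b[^>]*charset\s*=/i
  title_pos = html =~ /<title\b/i
  title     = html[/<title\b[^>]*>(.*?)<\/title>/im, 1].to_s

  findings << :no_header_charset if header_charset.nil?
  if title_pos && (meta_pos.nil? || title_pos < meta_pos)
    findings << :title_before_meta_charset
  end
  findings << :utf7_markup_in_title if title =~ UTF7_ANGLE
  # The browser has to guess the encoding only when nothing declared it
  # before the title was parsed.
  if findings.include?(:no_header_charset) &&
     findings.include?(:title_before_meta_charset)
    findings << :encoding_sniffable
  end
  findings
end

# Constructed sample pages (benign UTF-7 content: <b>demo</b>).
WEAK_PAGE = <<~HTML
  <html><head>
  <title>+ADw-b+AD4-demo+ADw-/b+AD4- - Redmine</title>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  </head><body></body></html>
HTML

FIXED_PAGE = <<~HTML
  <html><head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <title>+ADw-b+AD4-demo+ADw-/b+AD4- - Redmine</title>
  </head><body></body></html>
HTML

if __FILE__ == $PROGRAM_NAME
  p audit_charset("text/html", WEAK_PAGE)
  p audit_charset("text/html; charset=utf-8", FIXED_PAGE)
end
```

A page is exposed to the behaviour in this advisory only when `:encoding_sniffable` is reported; `:utf7_markup_in_title` alone means the stored text is inert once the encoding is declared early.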