Ubuntu.comUB:CVE-2023-47258CVE-2023-47258
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
17.0%
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown
formatter.
Bugs
- <https://www.redmine.org/issues/38806 (private)>
References
launchpad.net/bugs/cve/CVE-2023-47258
nvd.nist.gov/vuln/detail/CVE-2023-47258
security-tracker.debian.org/tracker/CVE-2023-47258
www.cve.org/CVERecord?id=CVE-2023-47258
www.redmine.org/projects/redmine/repository/svn/revisions/22299/ (5.0.6)
www.redmine.org/projects/redmine/repository/svn/revisions/22301/ (4.2.11)
www.redmine.org/projects/redmine/wiki/Security_Advisories
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
17.0%