Ubuntu.comUB:CVE-2023-47260CVE-2023-47260
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
17.0%
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
Bugs
- <https://www.redmine.org/issues/38417 (private)>
References
launchpad.net/bugs/cve/CVE-2023-47260
nvd.nist.gov/vuln/detail/CVE-2023-47260
security-tracker.debian.org/tracker/CVE-2023-47260
www.cve.org/CVERecord?id=CVE-2023-47260
www.redmine.org/projects/redmine/repository/svn/revisions/22296/ (5.0.6)
www.redmine.org/projects/redmine/repository/svn/revisions/22297/ (4.2.11)
www.redmine.org/projects/redmine/wiki/Security_Advisories
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
17.0%