CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2017-15569
https://notcve.org/view.php?id=CVE-2017-15569
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/helpers/queries_helper.rb mediante un campo de múltiples valores con un valor manipulado que se gestiona de manera incorrecta durante la representación del historial de problemas. • https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/27186 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10515
https://notcve.org/view.php?id=CVE-2016-10515
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. En Redmine en versiones anteriores a la 3.2.3 hay vulnerabilidades de Cross-Site Scripting (XSS) persistente que afectan al formato de texto Textile y Markdown, así como a las páginas de inicio de proyectos. • https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2017-15570
https://notcve.org/view.php?id=CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/views/timelog/_list.html.erb mediante datos de columna manipulados. • https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/27186 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15573
https://notcve.org/view.php?id=CVE-2017-15573
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, existe XSS porque se gestiona de manera incorrecta la revisión en el contenido de la wiki. • https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/25503 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8477
https://notcve.org/view.php?id=CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. Vulnerabilidad de tipo Cross-site scripting (XSS) en Redmine versiones anteriores a la 2.6.2, que permitiría a atacantes remotos inyectar secuencias de comando web arbitrarias o HTML a través de vectores que involucren el renderizado de mensajes flash. • http://www.openwall.com/lists/oss-security/2015/12/05/7 http://www.openwall.com/lists/oss-security/2015/12/05/8 http://www.redmine.org/projects/redmine/wiki/Security_Advisories https://www.redmine.org/issues/19117 https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •