CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10515
https://notcve.org/view.php?id=CVE-2016-10515
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. En Redmine en versiones anteriores a la 3.2.3 hay vulnerabilidades de Cross-Site Scripting (XSS) persistente que afectan al formato de texto Textile y Markdown, así como a las páginas de inicio de proyectos. • https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2017-15570
https://notcve.org/view.php?id=CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/views/timelog/_list.html.erb mediante datos de columna manipulados. • https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/27186 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15573
https://notcve.org/view.php?id=CVE-2017-15573
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, existe XSS porque se gestiona de manera incorrecta la revisión en el contenido de la wiki. • https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/25503 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8477
https://notcve.org/view.php?id=CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. Vulnerabilidad de tipo Cross-site scripting (XSS) en Redmine versiones anteriores a la 2.6.2, que permitiría a atacantes remotos inyectar secuencias de comando web arbitrarias o HTML a través de vectores que involucren el renderizado de mensajes flash. • http://www.openwall.com/lists/oss-security/2015/12/05/7 http://www.openwall.com/lists/oss-security/2015/12/05/8 http://www.redmine.org/projects/redmine/wiki/Security_Advisories https://www.redmine.org/issues/19117 https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8473
https://notcve.org/view.php?id=CVE-2015-8473
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. La API Issues en Redmine en versiones anteriores a 2.6.8, 3.0.x en versiones anteriores a 3.0.6 y 3.1.x en versiones anteriores a 3.1.2 permite a usuarios remotos autenticados obtener información sensible de mensajes changeset aprovechando el permiso para leer problemas en relación con changesets de otros proyectos. • http://www.debian.org/security/2016/dsa-3529 http://www.securityfocus.com/bid/78621 https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22 https://www.redmine.org/issues/21136 https://www.redmine.org/projects/redmine/wiki/Changelog_3_0 https://www.redmine.org/projects/redmine/wiki/Changelog_3_1 https://www.redmine.org/versions/105 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •