CVE-2017-15573
https://notcve.org/view.php?id=CVE-2017-15573
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
• https://www.debian.org/security/2018/dsa-4191
• https://www.redmine.org/issues/25503
• https://www.redmine.org/projects/redmine/wiki/Security_Advisories
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8473
https://notcve.org/view.php?id=CVE-2015-8473
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
• http://www.debian.org/security/2016/dsa-3529
• http://www.securityfocus.com/bid/78621
• https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
• https://www.redmine.org/issues/21136
• https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
• https://www.redmine.org/projects/redmine/wiki/Changelog_3_1
• https://www.redmine.org/versions/105
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8346
https://notcve.org/view.php?id=CVE-2015-8346
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
• http://www.debian.org/security/2016/dsa-3529
• http://www.redmine.org/news/102
• https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
• https://www.redmine.org/issues/21150
• CWE-199: Information Management Errors
CVE-2015-8537
https://notcve.org/view.php?id=CVE-2015-8537
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
• http://www.debian.org/security/2016/dsa-3529
• http://www.redmine.org/news/103
• https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor