CVE-2017-15573
https://notcve.org/view.php?id=CVE-2017-15573
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, existe XSS porque se gestiona de manera incorrecta la revisión en el contenido de la wiki. • https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/25503 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-8537
https://notcve.org/view.php?id=CVE-2015-8537
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. app/views/journals/index.builder en Redmine en versiones anteriores a 2.6.9, 3.0.x en versiones anteriores a 3.0.7 y 3.1.x en versiones anteriores a 3.1.3 permite a atacantes remotos obtener información sensible visualizando un feed Atom. • http://www.debian.org/security/2016/dsa-3529 http://www.redmine.org/news/103 https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •