2019-10-10 04:05:46 2019-10-10 21:08:11

In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Redmine 0.1.0 Redmine 0.2.1 Redmine 0.2.2 Redmine 0.3.0 Redmine 0.4.0 Redmine 0.4.1 Redmine 0.4.2 Redmine 0.5.0 Redmine 0.5.1 Redmine 0.6.0 Redmine 0.6.1 Redmine 0.6.2 Redmine 0.6.3 Redmine 0.6.4 Redmine 0.7.0 Redmine 0.7.0 release candidate 1 Redmine 0.7.1 Redmine 0.7.2 Redmine 0.7.3 Redmine 0.7.4 Redmine 0.8.0 Redmine 0.8.0 release candidate 1 Redmine 0.8.1 Redmine 0.8.2 Redmine 0.8.3 Redmine 0.8.4 Redmine 0.8.5 Redmine 0.8.6 Redmine 0.8.7 Redmine 0.9.0 Redmine 0.9.1 Redmine 0.9.2 Redmine 0.9.3 Redmine 0.9.4 Redmine 0.9.5 Redmine 0.9.6 Redmine 1.0.0 Redmine 1.0.1 Redmine 1.0.2 Redmine 1.0.3 Redmine 1.0.4 Redmine 1.0.5 Redmine 1.1.0 Redmine 1.1.1 Redmine 1.1.2 Redmine 1.1.3 Redmine 1.2.0 Redmine 1.2.1 Redmine 1.2.2 Redmine 1.2.3 Redmine 1.3.0 Redmine 1.3.1 Redmine 1.3.2 Redmine 2.4.0 Redmine 2.4.1 Redmine 2.4.2 Redmine 2.4.3 Redmine 2.4.4 Redmine 2.4.5 Redmine 2.5.0 Redmine 2.5.1 Redmine Redmine 2.5.2 (not an official CPE) Redmine Redmine 2.5.3 (not an official CPE) Redmine Redmine 2.6.0 (not an official CPE) Redmine Redmine 2.6.1 (not an official CPE) Redmine Redmine 2.6.2 (not an official CPE) Redmine Redmine 2.6.3 (not an official CPE) Redmine Redmine 2.6.4 (not an official CPE) Redmine Redmine 2.6.5 (not an official CPE) Redmine Redmine 2.6.6 (not an official CPE) Redmine Redmine 2.6.7 (not an official CPE) Redmine Redmine 2.6.8 (not an official CPE) Redmine Redmine 2.6.9 (not an official CPE) Redmine Redmine 2.6.10 (not an official CPE) Redmine Redmine 3.0.0 (not an official CPE) Redmine Redmine 3.0.1 (not an official CPE) Redmine Redmine 3.0.2 (not an official CPE) Redmine Redmine 3.0.3 (not an official CPE) Redmine Redmine 3.0.4 (not an official CPE) Redmine Redmine 3.0.5 (not an official CPE) Redmine Redmine 3.0.6 (not an official CPE) Redmine Redmine 3.0.7 (not an official CPE) Redmine Redmine 3.1.0 (not an official CPE) Redmine Redmine 3.1.1 (not an official CPE) Redmine Redmine 3.1.2 (not an official CPE) Redmine Redmine 3.1.3 (not an official CPE) Redmine Redmine 3.1.4 (not an official CPE) Redmine Redmine 3.1.5 (not an official CPE) Redmine Redmine 3.1.6 (not an official CPE) Redmine Redmine 3.1.7 (not an official CPE) Redmine Redmine 3.2.0 (not an official CPE) Redmine Redmine 3.2.1 (not an official CPE) Redmine Redmine 3.2.2 (not an official CPE) Redmine Redmine 3.2.3 (not an official CPE) Redmine Redmine 3.2.4 (not an official CPE) Redmine Redmine 3.2.5 (not an official CPE) Redmine Redmine 3.2.6 (not an official CPE) Redmine Redmine 3.2.7 (not an official CPE) Redmine Redmine 3.2.8 (not an official CPE) Redmine Redmine 3.2.9 (not an official CPE) Redmine Redmine 3.3.0 (not an official CPE) Redmine Redmine 3.3.1 (not an official CPE) Redmine Redmine 3.3.2 (not an official CPE) Redmine Redmine 3.3.3 (not an official CPE) Redmine Redmine 3.3.4 (not an official CPE) Redmine Redmine 3.3.5 (not an official CPE) Redmine Redmine 3.3.6 (not an official CPE) Redmine Redmine 3.4.0 (not an official CPE) Redmine Redmine 3.4.1 (not an official CPE) Redmine Redmine 3.4.2 (not an official CPE) Redmine Redmine 3.4.3 (not an official CPE) Redmine Redmine 3.4.4 (not an official CPE)