Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine redmine vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine prior to 2.6.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving flash message rendering.
Redmine Redmine
NA
CVE-2022-44030
Redmine 5.x prior to 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Redmine Redmine
NA
CVE-2022-44031
Redmine prior to 4.2.9 and 5.0.x prior to 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
Redmine Redmine
NA
CVE-2022-44637
Redmine prior to 4.2.9 and 5.0.x prior to 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
Redmine Redmine
4.3
CVSSv2
CVE-2021-29274
Redmine 4.1.x prior to 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
Redmine Redmine
4.3
CVSSv2
CVE-2019-17427
In Redmine prior to 3.4.11 and 4.0.x prior to 4.0.4, persistent XSS exists due to textile formatting errors.
Redmine Redmine
1 Github repository
4.3
CVSSv2
CVE-2016-10515
In Redmine prior to 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Redmine Redmine
7.5
CVSSv2
CVE-2013-4663
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote malicious users to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exist...
Redmine Redmine Git Hosting Plugin -
6.8
CVSSv2
CVE-2017-18026
Redmine prior to 3.2.9, 3.3.x prior to 3.3.6, and 3.4.x prior to 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote malicious users to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch wh...
Redmine Redmine
Debian Debian Linux 9.0
4
CVSSv2
CVE-2019-18890
A SQL injection vulnerability in Redmine up to and including 3.2.9 and 3.3.x prior to 3.3.10 allows Redmine users to access protected information via a crafted object query.
Redmine Redmine
Debian Debian Linux 9.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »