Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-15575
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote malicious users to obtain sensitive differences information or possibly have unspecified other impact.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Debian Debian Linux 9.0
445
VMScore
CVE-2017-15576
Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3 mishandles Time Entry rendering in activity views, which allows remote malicious users to obtain sensitive information.
Redmine Redmine
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Debian Debian Linux 9.0
445
VMScore
CVE-2017-15577
Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3 mishandles the rendering of wiki links, which allows remote malicious users to obtain sensitive information.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Redmine Redmine 3.3.0
Debian Debian Linux 9.0
1 Github repository
383
VMScore
CVE-2016-10515
In Redmine prior to 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Redmine Redmine
383
VMScore
CVE-2017-15568
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
Redmine Redmine 3.4.0
Redmine Redmine 3.4.1
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.3
Redmine Redmine 3.3.4
Redmine Redmine
Redmine Redmine 3.4.2
Redmine Redmine 3.3.1
Debian Debian Linux 9.0
383
VMScore
CVE-2017-15569
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
Redmine Redmine
Redmine Redmine 3.3.1
Redmine Redmine 3.3.3
Redmine Redmine 3.4.0
Redmine Redmine 3.4.1
Redmine Redmine 3.4.2
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.4
Debian Debian Linux 9.0
383
VMScore
CVE-2017-15570
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
Redmine Redmine 3.4.1
Redmine Redmine 3.4.2
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.4.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.4
Redmine Redmine 3.3.3
Redmine Redmine
Debian Debian Linux 9.0
383
VMScore
CVE-2017-15571
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
Redmine Redmine 3.4.0
Redmine Redmine 3.3.4
Redmine Redmine 3.4.2
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine 3.4.1
Redmine Redmine 3.3.3
Redmine Redmine
Debian Debian Linux 9.0
383
VMScore
CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine prior to 2.6.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving flash message rendering.
Redmine Redmine
445
VMScore
CVE-2015-8346
app/views/timelog/_form.html.erb in Redmine prior to 2.6.8, 3.0.x prior to 3.0.6, and 3.1.x prior to 3.1.2 allows remote malicious users to obtain sensitive information about subjects of issues by viewing the time logging form.
Redmine Redmine 3.1.1
Redmine Redmine 3.1.0
Redmine Redmine 3.0.5
Redmine Redmine 3.0.2
Redmine Redmine 3.0.0
Redmine Redmine 3.0.1
Redmine Redmine
Redmine Redmine 3.0.3
Redmine Redmine 3.0.4
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »