Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-15571
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
Redmine Redmine 3.4.0
Redmine Redmine 3.3.4
Redmine Redmine 3.4.2
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine 3.4.1
Redmine Redmine 3.3.3
Redmine Redmine
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-15572
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.1
Redmine Redmine
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-15573
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, XSS exists because markup is mishandled in wiki content.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-15574
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, stored XSS is possible by using an SVG document as an attachment.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Redmine Redmine 3.3.0
Debian Debian Linux 9.0
7.3
CVSSv3
CVE-2017-15575
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote malicious users to obtain sensitive differences information or possibly have unspecified other impact.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-15576
Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3 mishandles Time Entry rendering in activity views, which allows remote malicious users to obtain sensitive information.
Redmine Redmine
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-15577
Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3 mishandles the rendering of wiki links, which allows remote malicious users to obtain sensitive information.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Redmine Redmine 3.3.0
Debian Debian Linux 9.0
1 Github repository
6.1
CVSSv3
CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine prior to 2.6.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving flash message rendering.
Redmine Redmine
7.4
CVSSv3
CVE-2015-8474
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine prior to 2.6.7, 3.0.x prior to 3.0.5, and 3.1.x prior to 3.1.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks vi...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Redmine Redmine 3.1.0
Redmine Redmine 3.0.4
Redmine Redmine 3.0.3
Redmine Redmine 2.5.1
Redmine Redmine 3.0.0
Redmine Redmine 3.0.2
Redmine Redmine 3.0.1
Redmine Redmine
5.3
CVSSv3
CVE-2015-8537
app/views/journals/index.builder in Redmine prior to 2.6.9, 3.0.x prior to 3.0.7, and 3.1.x prior to 3.1.3 allows remote malicious users to obtain sensitive information by viewing an Atom feed.
Debian Debian Linux 8.0
Redmine Redmine
Redmine Redmine 3.0.3
Redmine Redmine 3.0.0
Redmine Redmine 3.1.2
Redmine Redmine 3.1.1
Redmine Redmine 3.0.6
Redmine Redmine 3.0.5
Redmine Redmine 3.1.0
Redmine Redmine 3.0.4
Redmine Redmine 3.0.2
Redmine Redmine 3.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »