Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine vulnerabilities and exploits
(subscribe to this query)
357
VMScore
CVE-2019-18890
A SQL injection vulnerability in Redmine up to and including 3.2.9 and 3.3.x prior to 3.3.10 allows Redmine users to access protected information via a crafted object query.
Redmine Redmine
Debian Debian Linux 9.0
2 Github repositories
383
VMScore
CVE-2019-17427
In Redmine prior to 3.4.11 and 4.0.x prior to 4.0.4, persistent XSS exists due to textile formatting errors.
Redmine Redmine
1 Github repository
383
VMScore
CVE-2019-15950
The CRM Plugin prior to 4.2.4 for Redmine allows XSS via crafted vCard data.
Redmineup Crm
605
VMScore
CVE-2017-18026
Redmine prior to 3.2.9, 3.3.x prior to 3.3.6, and 3.4.x prior to 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote malicious users to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch wh...
Redmine Redmine
Debian Debian Linux 9.0
605
VMScore
CVE-2017-17536
Phabricator prior to 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote malicious users to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
Phacility Phabricator
356
VMScore
CVE-2017-16804
In Redmine prior to 3.2.7 and 3.3.x prior to 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.3
Redmine Redmine
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Debian Debian Linux 9.0
383
VMScore
CVE-2016-10515
In Redmine prior to 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Redmine Redmine
383
VMScore
CVE-2017-15568
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
Redmine Redmine 3.4.0
Redmine Redmine 3.4.1
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.3
Redmine Redmine 3.3.4
Redmine Redmine
Redmine Redmine 3.4.2
Redmine Redmine 3.3.1
Debian Debian Linux 9.0
383
VMScore
CVE-2017-15569
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
Redmine Redmine
Redmine Redmine 3.3.1
Redmine Redmine 3.3.3
Redmine Redmine 3.4.0
Redmine Redmine 3.4.1
Redmine Redmine 3.4.2
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.4
Debian Debian Linux 9.0
383
VMScore
CVE-2017-15570
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
Redmine Redmine 3.4.1
Redmine Redmine 3.4.2
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.4.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.4
Redmine Redmine 3.3.3
Redmine Redmine
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »