Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-10515
In Redmine prior to 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Redmine Redmine
NA
CVE-2023-47258
Redmine prior to 4.2.11 and 5.0.x prior to 5.0.6 allows XSS in a Markdown formatter.
Redmine Redmine
NA
CVE-2023-47259
Redmine prior to 4.2.11 and 5.0.x prior to 5.0.6 allows XSS in the Textile formatter.
Redmine Redmine
NA
CVE-2023-47260
Redmine prior to 4.2.11 and 5.0.x prior to 5.0.6 allows XSS via thumbnails.
Redmine Redmine
4.3
CVSSv2
CVE-2021-29274
Redmine 4.1.x prior to 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
Redmine Redmine
NA
CVE-2022-44030
Redmine 5.x prior to 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Redmine Redmine
NA
CVE-2022-44031
Redmine prior to 4.2.9 and 5.0.x prior to 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
Redmine Redmine
7.5
CVSSv2
CVE-2013-4663
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote malicious users to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exist...
Redmine Redmine Git Hosting Plugin -
4
CVSSv2
CVE-2019-18890
A SQL injection vulnerability in Redmine up to and including 3.2.9 and 3.3.x prior to 3.3.10 allows Redmine users to access protected information via a crafted object query.
Redmine Redmine
Debian Debian Linux 9.0
2 Github repositories
5
CVSSv2
CVE-2021-31863
Insufficient input validation in the Git repository integration of Redmine prior to 4.0.9, 4.1.x prior to 4.1.3, and 4.2.x prior to 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
Redmine Redmine
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »