Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-47259
Redmine prior to 4.2.11 and 5.0.x prior to 5.0.6 allows XSS in the Textile formatter.
Redmine Redmine
6.1
CVSSv3
CVE-2023-47260
Redmine prior to 4.2.11 and 5.0.x prior to 5.0.6 allows XSS via thumbnails.
Redmine Redmine
7.5
CVSSv3
CVE-2022-44030
Redmine 5.x prior to 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Redmine Redmine
6.1
CVSSv3
CVE-2021-29274
Redmine 4.1.x prior to 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
Redmine Redmine
6.1
CVSSv3
CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine prior to 2.6.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving flash message rendering.
Redmine Redmine
6.1
CVSSv3
CVE-2016-10515
In Redmine prior to 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Redmine Redmine
6.1
CVSSv3
CVE-2019-17427
In Redmine prior to 3.4.11 and 4.0.x prior to 4.0.4, persistent XSS exists due to textile formatting errors.
Redmine Redmine
1 Github repository
NA
CVE-2013-4663
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote malicious users to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exist...
Redmine Redmine Git Hosting Plugin -
5.3
CVSSv3
CVE-2021-31864
Redmine prior to 4.0.9, 4.1.x prior to 4.1.3, and 4.2.x prior to 4.2.1 allows malicious users to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
Redmine Redmine
Debian Debian Linux 9.0
5.3
CVSSv3
CVE-2021-42326
Redmine prior to 4.1.5 and 4.2.x prior to 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
Redmine Redmine
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »