Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an issue's subject is mishandled in the auto complete tip.
https://www.redmine.org/issues/33846 https://github.com/redmine/redmine/commit/35f5165c2dfc0364514541d38840e12024e2bc91