Redmine 0.8.7 and previous versions uses the title tag before defining the character encoding in a meta tag, which allows remote malicious users to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redmine redmine 0.4.2 |
||
redmine redmine 0.5.0 |
||
redmine redmine 0.8.4 |
||
redmine redmine 0.8.3 |
||
redmine redmine 0.2.2 |
||
redmine redmine 0.7.4 |
||
redmine redmine 0.6.3 |
||
redmine redmine 0.4.1 |
||
redmine redmine 0.7.0 |
||
redmine redmine 0.7.1 |
||
redmine redmine 0.1.0 |
||
redmine redmine 0.2.1 |
||
redmine redmine 0.8.0 |
||
redmine redmine |
||
redmine redmine 0.6.0 |
||
redmine redmine 0.5.1 |
||
redmine redmine 0.7.2 |
||
redmine redmine 0.3.0 |
||
redmine redmine 0.8.2 |
||
redmine redmine 0.7.3 |
||
redmine redmine 0.6.1 |
||
redmine redmine 0.6.2 |
||
redmine redmine 0.6.4 |
||
redmine redmine 0.4.0 |
||
redmine redmine 0.8.1 |
||
redmine redmine 0.8.6 |
||
redmine redmine 0.8.5 |