Published: 08/10/2012 Updated: 09/10/2012

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine prior to 1.0.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redmine redmine
redmine redmine 0.9.3
redmine redmine 0.7.2
redmine redmine 0.9.4
redmine redmine 0.9.1
redmine redmine 0.9.2
redmine redmine 0.8.2
redmine redmine 0.9.0
redmine redmine 0.8.6
redmine redmine 1.0.2
redmine redmine 1.0.0
redmine redmine 0.4.1
redmine redmine 0.5.0
redmine redmine 0.6.4
redmine redmine 0.9.5
redmine redmine 0.3.0
redmine redmine 0.4.0
redmine redmine 0.8.1
redmine redmine 0.8.0
redmine redmine 0.2.1
redmine redmine 0.6.0
redmine redmine 0.6.1
redmine redmine 0.6.2
redmine redmine 0.6.3
redmine redmine 0.9.6
redmine redmine 0.7.1
redmine redmine 0.1.0
redmine redmine 0.8.5
redmine redmine 0.8.7
redmine redmine 0.7.3
redmine redmine 1.0.3
redmine redmine 1.0.1
redmine redmine 0.4.2
redmine redmine 0.5.1
redmine redmine 0.7.0
redmine redmine 0.8.4
redmine redmine 0.8.3
redmine redmine 0.2.2
redmine redmine 0.7.4

CWE-79 http://www.openwall.com/lists/oss-security/2012/01/06/5 http://www.redmine.org/news/49 http://www.openwall.com/lists/oss-security/2012/01/06/7 http://www.debian.org/security/2011/dsa-2261 https://nvd.nist.gov

CVE-2011-4928

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect