In Redmine prior to 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
redmine redmine