CVE-2019-17427

Published: 10/10/2019 Updated: 19/11/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In Redmine prior to 3.4.11 and 4.0.x prior to 4.0.4, persistent XSS exists due to textile formatting errors.

Vulnerable Product

redmine redmine

Vendor Advisories

Several security issues were fixed in redmine ...
Holger Just discovered an SQL injection in Redmine, a project management web application. In addition, a cross-site scripting issue was found in Textile formatting. For the oldstable distribution (stretch), these problems have been fixed in version 331-4+deb9u3. We recommend that you upgrade your redmine packages. For the detailed security status o ...

Github Repositories

CVE-2019-17427 Persistent XSS POC

In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. The vulnerability essentially exists on any wiki page which by default uses textile formatting. You can take advantage of it by using <pre parameter <pre onfocusin=alert("pwnd") tabindex=1 style="