CVE-2019-17427 Persistent XSS POC
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
The vulnerability essentially exists on any wiki page, which by default uses textile formatting. You can take advantage of it by using the <pre parameter:
<pre onfocusin=alert("pwnd") tabindex=1 style="
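For defenders, the following added example (not part of the original POC or of Redmine's code) audits stored textile wiki source for <pre tags that carry attributes, which is the pattern shown above. The function names, the sample pages and the "any attribute on <pre is suspicious" heuristic are assumptions made for illustration.

```ruby
# Added example: audit stored Textile wiki source for <pre tags carrying attributes.
# Assumption: a legitimate <pre> block needs no attributes, so any attribute is
# flagged for review and any on* event handler is flagged as high severity.

# Opening <pre tag; also matches a tag that is never closed with ">".
PRE_OPEN = /<pre\b([^>]*)(?:>|\z)/i
# One attribute: name, then an optional quoted (possibly unterminated) or unquoted value.
ATTRIBUTE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"?|'[^']*'?|[^\s>]+))?/

# Returns one finding per <pre tag that has at least one attribute.
def audit_pre_tags(wiki_source)
  findings = []
  wiki_source.to_s.scan(PRE_OPEN) do |(raw_attrs)|
    names = raw_attrs.scan(ATTRIBUTE).flatten.map(&:downcase).uniq
    next if names.empty?
    handlers = names.select { |n| n.start_with?("on") }
    findings << { attributes: names, handlers: handlers,
                  severity: handlers.empty? ? :review : :high }
  end
  findings
end

# Constructed sample pages (page name => Textile source). The second entry is
# the markup quoted on this page; the others are benign controls.
SAMPLE_PAGES = {
  "Install"  => "h1. Install\n\n<pre>\nbundle install\n</pre>",
  "Sandbox"  => %q(<pre onfocusin=alert("pwnd") tabindex=1 style="),
  "Snippets" => %q(<pre class="shell">ls -l</pre>)
}

# Returns only the pages that produced findings.
def audit_pages(pages)
  pages.map { |name, src| [name, audit_pre_tags(src)] }
       .reject { |_, f| f.empty? }.to_h
end

if __FILE__ == $PROGRAM_NAME
  audit_pages(SAMPLE_PAGES).each do |name, findings|
    findings.each { |f| puts "#{name}: #{f[:severity]} #{f[:attributes].join(',')}" }
  end
end
```

A hit only marks a page for manual review; the remedy for affected installations is upgrading to 3.4.11 or 4.0.4, the versions named above.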