Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2017
CVE-2017-15569
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-10-18
CVE-2017-15573
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-10-18
CVE-2017-15574
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-10-18
CVE-2017-15575
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
CVSS Score
7.3
EPSS Score
0.007
Published
2017-10-18
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15577
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15578
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-10-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved