Shodan
Vulnerabilities
Vulnerable Software
Redmine:  >> Redmine  >> 0.2.2  Security Vulnerabilities
CVE-2016-10515
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-10-18
CVE-2017-15568
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15569
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-18
CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-10-18
CVE-2017-15573
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-10-18
CVE-2017-15574
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-10-18
CVE-2017-15575
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
CVSS Score
7.3
EPSS Score
0.007
Published
2017-10-18
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-10-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved