Redmine
Sign in to watchby Redmine
CVEs (24)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-4459 | 0.00 | — | 0.00 | Dec 30, 2009 | Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8. | ||
| CVE-2009-4079 | 0.00 | — | 0.00 | Nov 25, 2009 | Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors. | ||
| CVE-2009-4078 | 0.00 | — | 0.01 | Nov 25, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2008-4481 | 0.00 | — | 0.00 | Oct 8, 2008 | Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Page 2 of 2