VYPR

Vendor CVEs

Redmine

All CVEs

57 total · sorted by risk
  • CVE-2012-2054Apr 5, 2012
    risk 0.00cvss epss 0.02

    Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8)…

  • CVE-2012-0327Apr 5, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1723Apr 19, 2011
    risk 0.00cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party…

  • CVE-2009-4459Dec 30, 2009
    risk 0.00cvss epss 0.01

    Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which…

  • CVE-2009-4079Nov 25, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

  • CVE-2009-4078Nov 25, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-4481Oct 8, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 2 of 2