CVE-2009-4078 — Cross-site Scripting in Redmine

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redmine Debian Redmine

Timeline

PublishedNov 25

Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/redmine< redmine 0.9.0~svn2902-1 (bookworm)

▶Debianredmine/redmine< 0.9.0~svn2902-1+1

▶NVDredmine/redmine0.8.5+24

Patches

Patch: jvn.jp ↗Patch: jvn.jp ↗Patch: jvndb.jvn.jp ↗

🔴Vulnerability Details

GHSA

GHSA-68hg-cfx6-pvhh: Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0↗2022-05-02

▶

OSV

CVE-2009-4078: Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0↗2009-11-25

▶

📋Vendor Advisories

Debian

CVE-2009-4078: redmine - Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier...↗2009

▶