CVE-2016-10515Cross-site Scripting in Redmine

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 42.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RedmineDebian Redmine
Timeline
PublishedOct 18
Latest updateMay 17

Description

In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/redmine< redmine 3.2.3-1 (bookworm)
Debianredmine/redmine< 3.2.3-1+1
NVDredmine/redmine3.2.2

Patches

Patch: www.redmine.orgPatch: www.redmine.org

🔴Vulnerability Details

2
GHSA
GHSA-r5hm-658v-6xj3: In Redmine before 32022-05-17
OSV
CVE-2016-10515: In Redmine before 32017-10-18

📋Vendor Advisories

1
Debian
CVE-2016-10515: redmine - In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile ...2016