CVE-2022-44031 — Cross-site Scripting in Redmine

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 28.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redmine Debian Redmine

Timeline

PublishedDec 12

Description

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/redmine< redmine 5.0.4-1 (bookworm)

▶NVDredmine/redmine5.0.0 — 5.0.4+1

▶Debianredmine/redmine< 5.0.4-1+1

🔴Vulnerability Details

OSV

CVE-2022-44031: Redmine before 4↗2022-12-12

▶

GHSA

GHSA-8474-8wmh-7hj8: Redmine before 4↗2022-12-12

▶

📋Vendor Advisories

Debian

CVE-2022-44031: redmine - Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile...↗2022

▶