CVE-2023-47258 — Cross-site Scripting in Redmine

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 38.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 5

Description

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶debiandebian/redmine< redmine 5.0.4-5+deb12u1 (bookworm)

▶NVDredmine/redmine5.0.0 — 5.0.6+1

▶Debianredmine/redmine< 5.0.4-5+deb12u1+1

OSV

CVE-2023-47258: Redmine before 4↗2023-11-05

▶

GHSA

GHSA-rmx7-grxr-fhm3: Redmine before 4↗2023-11-05

▶

Debian

CVE-2023-47258: redmine - Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.↗2023

▶