Redmine

Redmine

51 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.8

CVE-2014-1985

Exploit
  • EPSS 1.82%
  • Veröffentlicht 11.04.2014 14:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing att...

7.5

CVE-2011-4929

  • EPSS 73.61%
  • Veröffentlicht 08.10.2012 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

4.3

CVE-2011-4928

  • EPSS 0.26%
  • Veröffentlicht 08.10.2012 18:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4

CVE-2011-4927

  • EPSS 0.23%
  • Veröffentlicht 08.10.2012 18:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.

5

CVE-2012-2054

  • EPSS 0.27%
  • Veröffentlicht 05.04.2012 14:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6)...

4.3

CVE-2012-0327

  • EPSS 0.36%
  • Veröffentlicht 05.04.2012 14:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2011-1723

Exploit
  • EPSS 7.55%
  • Veröffentlicht 19.04.2011 19:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are...

4.3

CVE-2009-4459

  • EPSS 0.28%
  • Veröffentlicht 30.12.2009 20:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter...

6.8

CVE-2009-4079

  • EPSS 0.27%
  • Veröffentlicht 25.11.2009 22:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

4.3

CVE-2009-4078

  • EPSS 0.71%
  • Veröffentlicht 25.11.2009 22:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.