CVE-2015-8346
- EPSS 1.93%
- Veröffentlicht 12.04.2016 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
CVE-2014-1985
- EPSS 2.72%
- Veröffentlicht 11.04.2014 14:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing att...
CVE-2011-4929
- EPSS 46.4%
- Veröffentlicht 08.10.2012 18:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:38
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2011-4928
- EPSS 1.83%
- Veröffentlicht 08.10.2012 18:55:00
- Zuletzt bearbeitet 16.06.2026 23:35:38
Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- EPSS 1.12%
- Veröffentlicht 08.10.2012 18:55:00
- Zuletzt bearbeitet 16.06.2026 23:35:38
Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
- EPSS 2.09%
- Veröffentlicht 05.04.2012 14:55:05
- Zuletzt bearbeitet 16.06.2026 23:40:52
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6)...
CVE-2012-0327
- EPSS 1.82%
- Veröffentlicht 05.04.2012 14:55:04
- Zuletzt bearbeitet 16.06.2026 23:37:07
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1723
- EPSS 4.46%
- Veröffentlicht 19.04.2011 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:29:54
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are...
CVE-2009-4459
- EPSS 1.13%
- Veröffentlicht 30.12.2009 20:00:01
- Zuletzt bearbeitet 16.06.2026 23:13:42
Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter...
CVE-2009-4079
- EPSS 0.72%
- Veröffentlicht 25.11.2009 22:00:00
- Zuletzt bearbeitet 16.06.2026 23:12:59
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.