Redmine

Redmine

52 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.93%
  • Veröffentlicht 12.04.2016 14:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Exploit
  • EPSS 2.72%
  • Veröffentlicht 11.04.2014 14:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing att...

  • EPSS 46.4%
  • Veröffentlicht 08.10.2012 18:55:01
  • Zuletzt bearbeitet 16.06.2026 23:35:38

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

  • EPSS 1.83%
  • Veröffentlicht 08.10.2012 18:55:00
  • Zuletzt bearbeitet 16.06.2026 23:35:38

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • EPSS 1.12%
  • Veröffentlicht 08.10.2012 18:55:00
  • Zuletzt bearbeitet 16.06.2026 23:35:38

Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.

  • EPSS 2.09%
  • Veröffentlicht 05.04.2012 14:55:05
  • Zuletzt bearbeitet 16.06.2026 23:40:52

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6)...

  • EPSS 1.82%
  • Veröffentlicht 05.04.2012 14:55:04
  • Zuletzt bearbeitet 16.06.2026 23:37:07

Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploit
  • EPSS 4.46%
  • Veröffentlicht 19.04.2011 19:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:54

Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are...

  • EPSS 1.13%
  • Veröffentlicht 30.12.2009 20:00:01
  • Zuletzt bearbeitet 16.06.2026 23:13:42

Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter...

  • EPSS 0.72%
  • Veröffentlicht 25.11.2009 22:00:00
  • Zuletzt bearbeitet 16.06.2026 23:12:59

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.