Stored XSS Vulnerability in Redmine by Redmine Core Team
CVE-2020-36307

6.1MEDIUM

Key Information:

Vendor

Redmine

Status
Redmine
Vendor
CVE Published:
6 April 2021

What is CVE-2020-36307?

Earlier versions of Redmine, specifically before 4.0.7 and 4.1.x versions prior to 4.1.1, exhibit a stored XSS vulnerability. This flaw allows attackers to embed malicious scripts through textile inline links, leading to potential exploitation that could affect user sessions and data security. Proper validation and escaping of user input are essential to mitigate such risks.

References

https://www.redmine.org/projects/redmine/wiki/Security_Ad...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/05/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.