Persistent XSS Vulnerability in Redmine by Redmine Project
CVE-2022-44031

6.1MEDIUM

Key Information:

Vendor: Redmine
Status: Redmine
Vendor: CVE Published:; 12 December 2022

What is CVE-2022-44031?

Versions of Redmine prior to 4.2.9 and 5.0.x before 5.0.4 are susceptible to a persistent Cross-Site Scripting (XSS) vulnerability. This flaw arises from improper sanitization of the blockquote syntax within Textile-formatted fields, allowing attackers to inject malicious scripts that can be stored and executed when other users view the affected content. Users and organizations utilizing vulnerable versions are advised to upgrade to the latest releases to mitigate this risk.

References

https://www.redmine.org/projects/redmine/wiki/Security_Ad...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Oct 30, 2022

CVE-2022-44031 Data

JSON