Cross-Site Scripting Vulnerability in Redmine Software

CVE-2023-47260

What is CVE-2023-47260?

A cross-site scripting (XSS) vulnerability in Redmine versions prior to 4.2.11 and 5.0.6 allows attackers to exploit thumbnails, potentially enabling them to inject malicious scripts. Users of affected versions are encouraged to update their software to the latest versions to mitigate security risks.

References