CVE-2017-15568

Published: Oct 18, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.redmine.org/projects/redmine/wiki/Security_Advisories

x_refsource_CONFIRM

https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448

x_refsource_CONFIRM

DSA-4191

vendor-advisory

x_refsource_DEBIAN

https://www.redmine.org/issues/27186

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15568

Description

Affected Products

References