Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.
References
Link | Resource |
---|---|
https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG | Release Notes Vendor Advisory |
https://www.redmine.org/issues/19117 | Patch Vendor Advisory |
http://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2015/12/05/8 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/12/05/7 | Mailing List Third Party Advisory |
Configurations
Information
Published : 2017-05-22 21:29
Updated : 2017-05-31 06:34
NVD link : CVE-2015-8477
Mitre link : CVE-2015-8477
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
redmine
- redmine