Redmine 4.2.1

CPE Details

Redmine 4.2.1
4.2.1
2021-05-03 15h53 +00:00
2021-06-03 16h08 +00:00

CPE Name: cpe:2.3:a:redmine:redmine:4.2.1:*:*:*:*:*:*:*

Information

Vendor: redmine

Product: redmine

Version: 4.2.1

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2023-47258 | 2023-11-04 23h00 +00:00 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. | 6.1 | Medium |
| CVE-2023-47259 | 2023-11-04 23h00 +00:00 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | 6.1 | Medium |
| CVE-2023-47260 | 2023-11-04 23h00 +00:00 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. | 6.1 | Medium |
| CVE-2022-44031 | 2022-12-11 23h00 +00:00 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. | 6.1 | Medium |
| CVE-2022-44637 | 2022-12-11 23h00 +00:00 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | 6.1 | Medium |
| CVE-2021-42326 | 2021-10-12 16h08 +00:00 | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | 5.3 | Medium |
| CVE-2021-37156 | 2021-08-05 18h36 +00:00 | Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. | 7.5 | High |