| عنوان | Redmine redmine 6.0.0 - 6.0.3 Improper Input Validation |
|---|
| الوصف | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Redmine versions 6.0.0 to 6.0.3. The issue exists within the query[name] parameter in the Custom Query feature. When a specially crafted payload is submitted via this parameter, it is stored and later rendered without proper sanitization, allowing arbitrary JavaScript code to execute in the context of other users' browsers.
This vulnerability can be exploited by an authenticated attacker to perform account hijacking, phishing, data theft, or execute unauthorized actions via CSRF, posing a high-severity security risk.
This issue is fix and update to Security_Advisories with name : XSS in custom query
https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| المصدر | ⚠️ https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| المستخدم | hauvcp (UID 74035) |
|---|
| ارسال | 15/04/2025 11:58 AM (1 سنة منذ) |
|---|
| الاعتدال | 27/04/2025 03:51 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 306364 [Redmine 6.0.0/6.0.1/6.0.2/6.0.3 Custom Query الأسم البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|