| 제목 | Redmine redmine 6.0.0 - 6.0.3 Improper Input Validation |
|---|
| 설명 | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Redmine versions 6.0.0 to 6.0.3. The issue exists within the query[name] parameter in the Custom Query feature. When a specially crafted payload is submitted via this parameter, it is stored and later rendered without proper sanitization, allowing arbitrary JavaScript code to execute in the context of other users' browsers.
This vulnerability can be exploited by an authenticated attacker to perform account hijacking, phishing, data theft, or execute unauthorized actions via CSRF, posing a high-severity security risk.
This issue is fix and update to Security_Advisories with name : XSS in custom query
https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| 원천 | ⚠️ https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| 사용자 | hauvcp (UID 74035) |
|---|
| 제출 | 2025. 04. 15. AM 11:58 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 27. PM 03:51 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 306364 [Redmine 6.0.0/6.0.1/6.0.2/6.0.3 Custom Query 이름 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|