| Título | Redmine redmine 6.0.0 - 6.0.3 Improper Input Validation |
|---|
| Descrição | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Redmine versions 6.0.0 to 6.0.3. The issue exists within the query[name] parameter in the Custom Query feature. When a specially crafted payload is submitted via this parameter, it is stored and later rendered without proper sanitization, allowing arbitrary JavaScript code to execute in the context of other users' browsers.
This vulnerability can be exploited by an authenticated attacker to perform account hijacking, phishing, data theft, or execute unauthorized actions via CSRF, posing a high-severity security risk.
This issue is fix and update to Security_Advisories with name : XSS in custom query
https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| Fonte | ⚠️ https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| Utilizador | hauvcp (UID 74035) |
|---|
| Submissão | 15/04/2025 11h58 (há 1 Ano) |
|---|
| Moderação | 27/04/2025 15h51 (12 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 306364 [Redmine 6.0.0/6.0.1/6.0.2/6.0.3 Custom Query Nome Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|