| Название | Redmine redmine 6.0.0 - 6.0.3 Improper Input Validation |
|---|
| Описание | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Redmine versions 6.0.0 to 6.0.3. The issue exists within the query[name] parameter in the Custom Query feature. When a specially crafted payload is submitted via this parameter, it is stored and later rendered without proper sanitization, allowing arbitrary JavaScript code to execute in the context of other users' browsers.
This vulnerability can be exploited by an authenticated attacker to perform account hijacking, phishing, data theft, or execute unauthorized actions via CSRF, posing a high-severity security risk.
This issue is fix and update to Security_Advisories with name : XSS in custom query
https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| Источник | ⚠️ https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| Пользователь | hauvcp (UID 74035) |
|---|
| Представление | 15.04.2025 11:58 (1 Год назад) |
|---|
| Модерация | 27.04.2025 15:51 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 306364 [Redmine 6.0.0/6.0.1/6.0.2/6.0.3 Custom Query Имя межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|