| Title | Redmine redmine 6.0.0 - 6.0.3 Improper Input Validation |
|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Redmine versions 6.0.0 to 6.0.3. The issue exists within the query[name] parameter in the Custom Query feature. When a specially crafted payload is submitted via this parameter, it is stored and later rendered without proper sanitization, allowing arbitrary JavaScript code to execute in the context of other users' browsers.
This vulnerability can be exploited by an authenticated attacker to perform account hijacking, phishing, data theft, or execute unauthorized actions via CSRF, posing a high-severity security risk.
This issue is fix and update to Security_Advisories with name : XSS in custom query
https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| Source | ⚠️ https://www.redmine.org/projects/redmine/wiki/Security_Advisories |
|---|
| User | hauvcp (UID 74035) |
|---|
| Submission | 04/15/2025 11:58 (1 Year ago) |
|---|
| Moderation | 04/27/2025 15:51 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 306364 [Redmine 6.0.0/6.0.1/6.0.2/6.0.3 Custom Query Name cross site scripting] |
|---|
| Points | 20 |
|---|