Vulnerabilities > Redmine > Redmine > 4.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-05 | CVE-2023-47258 | Cross-site Scripting vulnerability in Redmine Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. | 6.1 |
| 2023-11-05 | CVE-2023-47259 | Cross-site Scripting vulnerability in Redmine Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | 6.1 |
| 2023-11-05 | CVE-2023-47260 | Cross-site Scripting vulnerability in Redmine Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. | 6.1 |
| 2022-12-12 | CVE-2022-44031 | Cross-site Scripting vulnerability in Redmine Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. | 6.1 |
| 2022-12-12 | CVE-2022-44637 | Cross-site Scripting vulnerability in Redmine Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. | 6.1 |
| 2021-10-12 | CVE-2021-42326 | Information Exposure vulnerability in multiple products Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | 5.0 |
| 2021-08-05 | CVE-2021-37156 | Insufficient Session Expiration vulnerability in Redmine 4.2.0/4.2.1 Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. | 5.0 |