Vulnerabilities > Redmine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-04-05 | CVE-2012-0327 | Cross-Site Scripting vulnerability in Redmine Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-04-19 | CVE-2011-1723 | Cross-Site Scripting vulnerability in Redmine Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. | 4.3 |
| 2009-12-30 | CVE-2009-4459 | Cross-Site Scripting vulnerability in Redmine Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8. | 4.3 |
| 2009-11-25 | CVE-2009-4079 | Cross-Site Request Forgery (CSRF) vulnerability in Redmine Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors. | 6.8 |
| 2009-11-25 | CVE-2009-4078 | Cross-Site Scripting vulnerability in Redmine Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-10-08 | CVE-2008-4481 | Cross-Site Scripting vulnerability in Redmine Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |