← Back

Redmine

redmine

51 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Redmine

redmine

50 CVEs

Redmine Git Hosting Plugin

redmine_git_hosting_plugin

1 CVE

CVEs (51)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-1985 1Redmine 1Redmine May 6, 2026 Apr 11, 2014 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web...Show more Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).Show less
CVE-2011-4929 1Redmine 1Redmine Apr 29, 2026 Oct 8, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2011-4928 1Redmine 1Redmine Apr 29, 2026 Oct 8, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4927 1Redmine 1Redmine Apr 29, 2026 Oct 8, 2012 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2012-2054 1Redmine 1Redmine Apr 29, 2026 Apr 5, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) Membe...Show more Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.Show less
CVE-2012-0327 1Redmine 1Redmine Apr 29, 2026 Apr 5, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1723 1Redmine 1Redmine Apr 29, 2026 Apr 19, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. N...Show more Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-4459 1Redmine 1Redmine Apr 23, 2026 Dec 30, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded...Show more Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.Show less
CVE-2009-4079 1Redmine 1Redmine Apr 23, 2026 Nov 25, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
CVE-2009-4078 1Redmine 1Redmine Apr 23, 2026 Nov 25, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4481 1Redmine 1Redmine Apr 23, 2026 Oct 8, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Previous 1 23