CVE-2017-15570

Опубликовано: 18 окт. 2017

Источник: debian

EPSS Низкий

Описание

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

Пакет	Статус	Версия исправления	Релиз	Тип
redmine	fixed	3.4.4-1		package
redmine	end-of-life		jessie	package
redmine	end-of-life		wheezy	package

https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/issues/27186 (private)
https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b

EPSS

Процентиль: 66%

0.00517

Низкий

CVE-2017-15570

CVSS3: 6.1

ubuntu

больше 8 лет назад

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

CVE-2017-15570

CVSS3: 6.1

nvd

больше 8 лет назад

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

GHSA-xf7q-cr75-c778

CVSS3: 6.1

github

больше 3 лет назад

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

EPSS

Процентиль: 66%

0.00517

Низкий