In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-18T02:00:00
Updated: 2024-08-05T19:57:27.008Z
Reserved: 2017-10-17T00:00:00
Link: CVE-2017-15568
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-10-18T02:29:00.280
Modified: 2024-11-21T03:14:46.050
Link: CVE-2017-15568
Redhat
No data.