|
252931
|
6.1 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15574
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252932
|
6.1 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15573
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252933
|
7.5 |
HIGH
Network
|
redmine debian
|
redmine debian_linux
|
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redire…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-15572
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252934
|
6.1 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15571
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252935
|
6.1 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15570
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252936
|
6.1 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15569
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252937
|
6.1 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering o…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15568
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252938
|
8.8 |
HIGH
Network
|
freedesktop debian
|
poppler debian_linux
|
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15565
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252939
|
9.8 |
CRITICAL
Network
|
zorovavi/blog_project
|
zorovavi/blog
|
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
|
CWE-89
SQL Injection
|
CVE-2017-15539
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|
|
252940
|
5.4 |
MEDIUM
Network
|
ilias
|
ilias
|
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15538
|
2024-11-21 12:14 |
2017-10-18 |
|
|
|