CVE-2023-47258

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 5, 2023

Updated: Nov 14, 2023

CWE ID 79

Summary

CVE-2023-47258 is a newly disclosed vulnerability affecting Redmine versions 4.2.10 and below, as well as 5.0.x up to 5.0.5. This issue permits Cross-Site Scripting (XSS) attacks through a Markdown formatter in Redmine. An attacker can inject malicious scripts into a Redmine instance, potentially leading to unintended actions or data theft from unsuspecting users. It is crucial for Redmine administrators to update their systems to the latest patched versions to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Redmine

Affected Vendors

Redmine

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tR1BbL
https://www.cve.org/CVERecord?id=CVE-2023-47258
https://nvd.nist.gov/vuln/detail/CVE-2023-47258

Back to Vulnerability Database