CVE-2020-36306: XSS
First published: Tue Apr 06 2021(Updated: )
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redmine Redmine | <4.0.7 | |
| Redmine Redmine | >=4.1.0<4.1.1 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-36306?
CVE-2020-36306 is a vulnerability in Redmine before 4.0.7 and 4.1.x before 4.1.1 that allows for cross-site scripting (XSS) attacks via the back_url field.
How severe is CVE-2020-36306?
CVE-2020-36306 has a severity level of medium with a CVSS score of 6.1.
What is the affected software?
The affected software includes Redmine versions up to and excluding 4.0.7, Redmine versions between 4.1.0 and 4.1.1, and Debian Linux version 9.0.
How can I fix CVE-2020-36306?
To fix CVE-2020-36306, it is recommended to upgrade your Redmine installation to version 4.0.7 or later.
Where can I find more information about CVE-2020-36306?
You can find more information about CVE-2020-36306 in the Debian LTS Announcement and the Redmine Security Advisories.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redmine
- canonical/redmine redmine
- version/redmine redmine/4.1.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0