CVE-2020-36307: XSS
First published: Tue Apr 06 2021(Updated: )
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redmine Redmine | <4.0.7 | |
| Redmine Redmine | >=4.1.0<4.1.1 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-36307.
What is the title of this vulnerability?
The title of this vulnerability is 'Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.'
What is the severity of CVE-2020-36307?
The severity of CVE-2020-36307 is medium with a severity value of 6.1.
How does CVE-2020-36307 affect Redmine?
CVE-2020-36307 affects Redmine versions before 4.0.7 and 4.1.x before 4.1.1.
How do I fix CVE-2020-36307?
To fix CVE-2020-36307, it is recommended to upgrade Redmine to version 4.0.7 or later.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/softwarecombine
- agent/event
- agent/description
- agent/tags
- agent/first-publish-date
- vendor/redmine
- canonical/redmine redmine
- version/redmine redmine/4.1.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0