CVE-2016-10515
medium
CVSS v3
6.1
CVSS v2
4.3
VIR risk
6.1
Description
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Predictions
Exploit likelihood
71%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-10515
Vendor advisory: cve@mitre.org — https://www.redmine.org/projects/redmine/wiki/Security_Advisories
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 3.2.3-1 |
| debian | sid | fixed | 3.2.3-1 |
| debian | trixie | fixed | 3.2.3-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redmine | redmine | up to and including 3.2.2 | |
References
CWEs
CWE-79