On Wed, Apr 06, 2011 at 01:22:06PM +0300, Netsparker Advisories wrote:
> Information
> --------------------
> Name : XSS vulnerability in Redmine
> Software : all Redmine versions from 1.0.1 to 1.1.1
> Vendor Homepage : http://www.redmine.org
> Vulnerability Type : Cross-Site Scripting
> Severity : High
> Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
> Advisory Reference : NS-11-004
>
> Description
> ------------------
> Redmine is a flexible project management web application written using
> the Ruby on Rails framework.
>
> Details
> -------------------
> Redmine is affected by an XSS vulnerability in versions from 1.0.1 to 1.1.1.
> Example PoC URL is as follows:
>
> http://example.com/projects/hg-helloworld/news/%22onload=%22alert%281%29
>
> You can read the full article about Cross-Site Scripting
> vulnerabilities here:
> http://www.mavitunasecurity.com/crosssite-scripting-xss/
>
> Solution
> -------------------
> Upgrade to the latest Redmine version (1.1.2).
>
> Credits
> -------------------
> It has been discovered during testing of Netsparker, Web Application
> Security Scanner - http://www.mavitunasecurity.com/netsparker/.
>
> References
> -------------------
> 1. Vendor URL: http://www.redmine.org/news/53
> 2. MSL Advisory Link: http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/
> 3. Netsparker Advisories: http://www.mavitunasecurity.com/netsparker-advisories/
>
> About Netsparker
> -------------------
> Netsparker can find and report security issues such as SQL Injection
> and Cross-site Scripting (XSS) in all web applications regardless of
> the platform and the technology they are built on. Netsparker's unique
> detection and exploitation techniques allow it to be dead accurate in
> reporting, hence it's the first and the only False Positive Free web
> application security scanner.
>
> --
> Netsparker Advisories, <advisories@xxxxxxxxxxxxxxxxxxxx>
> Homepage, http://www.mavitunasecurity.com/netsparker-advisories/

You can use the CVE-2011-1723 identifier for this issue.

References:
http://osvdb.org/71564

Best regards,
Henri Salo
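The advisory above gives only a PoC URL, not the mechanism. The payload `%22onload=%22alert%281%29` decodes to `"onload="alert(1)`, which is the classic shape for breaking out of a double-quoted HTML attribute: the leading `"` closes the attribute the path is echoed into and `onload="alert(1)` becomes a new event-handler attribute. The following Ruby is an added illustration of that pattern and of the fix (escaping before interpolating into an attribute); it is not Redmine's code, and the assumption that Redmine reflected the path segment into a quoted attribute is an inference from the payload shape, not something the advisory states. The template, the `render_*` helpers and the `injected_handler?` check are hypothetical.

```ruby
require "erb"
require "uri"

# PoC path segment taken from the advisory, URL-decoded:
#   %22onload=%22alert%281%29  ->  "onload="alert(1)
POC_SEGMENT = URI.decode_www_form_component("%22onload=%22alert%281%29")

# Hypothetical vulnerable template: the untrusted path segment is dropped into
# a double-quoted href attribute with no escaping. This is a constructed
# illustration of the reflected-XSS pattern, not Redmine's actual view code.
def render_vulnerable(segment)
  %(<a href="/projects/hg-helloworld/news/#{segment}">News</a>)
end

# Hardened form: HTML-escape the value before it reaches the attribute.
# ERB::Util.html_escape turns the quote into &quot;, so the attribute can no
# longer be closed early and no new attribute can be introduced.
def render_safe(segment)
  %(<a href="/projects/hg-helloworld/news/#{ERB::Util.html_escape(segment)}">News</a>)
end

# Crude detector used only for this demonstration: does the rendered markup
# contain a quote immediately followed by an on*="..." event handler that the
# template author never wrote? Browsers start a new attribute right after a
# closing quote, so this sequence is exactly what the payload relies on.
def injected_handler?(html)
  html.match?(/"\s*on\w+\s*=\s*"/i)
end

if __FILE__ == $PROGRAM_NAME
  puts "decoded segment : #{POC_SEGMENT}"
  puts "vulnerable      : #{render_vulnerable(POC_SEGMENT)}"
  puts "  injected?     : #{injected_handler?(render_vulnerable(POC_SEGMENT))}"
  puts "hardened        : #{render_safe(POC_SEGMENT)}"
  puts "  injected?     : #{injected_handler?(render_safe(POC_SEGMENT))}"
end
```

The `injected_handler?` check is a teaching aid, not a general XSS detector; in a real Rails view the fix is simply to let the view layer escape the value (or call `h`/`html_escape` explicitly) rather than interpolating request-derived strings into raw markup.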