CVE-2020-36306

CVE-2020-36306

EPSS 0.7%

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories