VDB

DEBIAN-CVE-2025-4011

DEBIAN-CVE-2025-4011 PUBLISHED CVSS 5.099999904632568 MEDIUM

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.

Risk Scores

CVSS 4.0
5.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products

VendorProductVersions
Debian:13redmine0, 0

Timeline

  • Apr 28, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›