Key Information Summary

Vulnerability Overview
Name: Redmine 1.1.1 XSS Vulnerability
Type: Cross-Site Scripting (XSS)
CVE ID: CVE-2011-1723
Risk Level: Low

Affected Scope
Software: All versions of Redmine from 1.0.1 to 1.1.1
Vendor Homepage: http://www.redmine.org
CVSS Score:
- Base Score: 4.3/10
- Impact Score: 2.9/10
- Exploitability Score: 8.6/10

Vulnerability Details
Description: Redmine is affected by an XSS vulnerability, discovered in versions from 1.0.1 to 1.1.1.
PoC:
References:
- For more information on XSS vulnerabilities, see: http://www.mavitunasecurity.com/crosssite-scripting-xss/

Solution
Upgrade to Latest Version: Upgrade to Redmine version 1.1.2 to resolve this vulnerability.

Acknowledgments & Discovery
Discovery Tool: Netsparker, a web application security scanner.
Discoverer Details: See Netsparker-related security advisories at: http://www.mavitunasecurity.com/netsparker-advisories/

Additional References
Other links in the list provide additional information and context about this vulnerability, including vendor advisories, records from other security databases, and related discussion forums.