Redmine · Redmine · CVE-2019-17427
**Name of the Vulnerable Software and Affected Versions**
Redmine versions prior to 3.4.11
Redmine versions 4.0.x prior to 4.0.4
**Description**
The issue is related to the lack of protection of the web page structure in the Redmine project and task management web application. This can be exploited by a remote attacker to perform cross-site scripting attacks. The problem arises from errors in textile formatting.
**Recommendations**
For Redmine versions prior to 3.4.11, update to version 3.4.11 or later.
For Redmine versions 4.0.x prior to 4.0.4, update to version 4.0.4 or later.