Yoshinari Fukumoto

**Name of the Vulnerable Software and Affected Versions** Redmine versions 0.8.5 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to multiple cross-site scripting (XSS) vulnerabilities. **Recommendations** For Redmine versions 0.8.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Redmine versions 0.8.5 and earlier **Description** A cross-site request forgery issue allows remote attackers to hijack user authentication for requests, specifically for deleting tickets, via unspecified vectors. **Recommendations** For versions 0.8.5 and earlier, update to a version later than 0.8.5 to resolve the issue.