CVE-2017-15569

Name of the Vulnerable Software and Affected Versions Redmine versions prior to 3.2.8 Redmine versions 3.3.x prior to 3.3.5 Redmine versions 3.4.x prior to 3.4.3

Description The issue exists due to mishandled rendering of an issue list when a multi-value field contains a crafted value, leading to XSS.

Recommendations For versions prior to 3.2.8, update to version 3.2.8 or later. For versions 3.3.x prior to 3.3.5, update to version 3.3.5 or later. For versions 3.4.x prior to 3.4.3, update to version 3.4.3 or later.