Redmine · Redmine · CVE-2020-36307
**Name of the Vulnerable Software and Affected Versions**
Redmine versions 4.0.0 through 4.0.6
Redmine versions 4.1.0 through 4.1.0
**Description**
The issue is related to stored XSS via textile inline links, which can be exploited by a remote attacker to impact data integrity. The vulnerability is due to the lack of protection measures for the web page structure.
**Recommendations**
For Redmine versions 4.0.0 through 4.0.6, update to version 4.0.7 or later.
For Redmine versions 4.1.0 through 4.1.0, update to version 4.1.1 or later.