Redmine · Redmine Crm Plugin · CVE-2019-15950
**Name of the Vulnerable Software and Affected Versions**
Redmine CRM Plugin versions prior to 4.2.4
**Description**
The issue allows for XSS attacks through crafted vCard data.
**Recommendations**
For versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue.