CVE-2023-47259

Name of the Vulnerable Software and Affected Versions Redmine versions prior to 4.2.11 Redmine versions 5.0.x prior to 5.0.6

Description The issue is related to a lack of protection in the structure of web pages, allowing for cross-site scripting (XSS) attacks in the Textile formatter. This could enable a remote attacker to conduct inter-site script attacks.

Recommendations For Redmine versions prior to 4.2.11, update to version 4.2.11 or later. For Redmine versions 5.0.x prior to 5.0.6, update to version 5.0.6 or later. As a temporary workaround, consider disabling the Textile formatter until a patch is available.