CVE-2022-44637

MEDIUM6.1EPSS 0.67%

Published: 12/12/2022Modified: 4/28/2026

Description

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.

Affected packages (2)

Bitnami/redminefrom 0, < 4.2.9, >= 5.0.0, < 5.0.4
Debian/redminefrom 0, < 5.0.4-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-44637
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-44637
WEBhttps://www.redmine.org/projects/redmine/wiki/Security_Advisories