Redmine versions 0.8.7 and below suffer from a UTF-7 cross site scripting vulnerability.
e139af5683fe92219972ab5fedb234cba8c6f72ec2f6cbaae95512e1d4328a1f
Redmine <= 0.8.7 UTF-7 XSS Vulnerability
Discovered by: p0deje (http://p0deje.blogspot.com)
Application: http://www.redmine.org/wiki/redmine/Download
SA: -
Date: 01.12.2009
Versions affected: <= 0.8.7
Vulnerability: Cross-site Scripting
Platform: Ruby (Ruby On Rails)
Description: Redmine doesn't properly define the page character encoding, placing <title> before <meta>. It may therefore be possible to create a page with UTF-7-encoded JavaScript in the title, which will be executed in Internet Explorer 7/8 when Auto-Select encoding is on.
Proof-of-Concept:
1. Create new issue with title "+ADw-script+AD4-alert('XSS');+ADw-/script+AD4-" (without quotes)
2. Open it in Internet Explorer 7/8
3. Set Encoding options to Auto-Select
Result:
The JavaScript alert will be executed.
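
A check for the condition described above, as an added example (not part of the original advisory and not Redmine code): it flags an HTML response whose Content-Type header carries no charset and whose <title> comes before the <meta> charset declaration, and notes UTF-7 shifted angle brackets in the title. The function names, finding symbols and sample responses are constructed for illustration; it assumes an explicit charset in the HTTP header stops encoding auto-detection.

```ruby
# Added example: audit an HTTP response for the encoding-sniffing condition
# in this advisory. Names and sample data are constructed for illustration.

META_CHARSET = /<meta\b[^>]*\bcharset\s*=\s*["']?\s*([A-Za-z0-9_-]+)/i
TITLE_OPEN   = /<title\b/i
TITLE_TEXT   = %r{<title\b[^>]*>(.*?)</title>}mi
# "+ADw-" and "+AD4-" are the UTF-7 shifted forms of "<" and ">".
UTF7_ANGLE   = /\+AD[w4]-/

# Charset from the Content-Type response header, or nil if absent.
def header_charset(headers)
  pair = headers.find { |name, _| name.to_s.casecmp?('content-type') }
  pair && pair.last.to_s[/charset\s*=\s*"?([A-Za-z0-9_-]+)/i, 1]
end

# Returns a list of findings; an empty list means the encoding is pinned
# before any user-controlled title text reaches the browser.
def audit_charset(headers, body)
  # Assumption: an explicit header charset stops auto-detection.
  return [] if header_charset(headers)
  findings = []
  meta_at  = body =~ META_CHARSET
  title_at = body =~ TITLE_OPEN
  if meta_at.nil?
    findings << :no_charset_declared
  elsif title_at && title_at < meta_at
    findings << :title_before_meta_charset
  end
  title = body[TITLE_TEXT, 1].to_s
  findings << :utf7_markup_in_title if findings.any? && title.match?(UTF7_ANGLE)
  findings
end

# Constructed responses: the issue title is the string from the proof-of-concept.
POC_TITLE   = "+ADw-script+AD4-alert('XSS');+ADw-/script+AD4-"
META        = '<meta http-equiv="content-type" content="text/html; charset=utf-8" />'
TITLE_FIRST = "<html><head><title>#{POC_TITLE} - Redmine</title>#{META}</head><body></body></html>"
META_FIRST  = "<html><head>#{META}<title>#{POC_TITLE} - Redmine</title></head><body></body></html>"
NO_CHARSET  = { 'Content-Type' => 'text/html' }
PINNED      = { 'Content-Type' => 'text/html; charset=utf-8' }

p audit_charset(NO_CHARSET, TITLE_FIRST)
p audit_charset(NO_CHARSET, META_FIRST)
p audit_charset(PINNED, TITLE_FIRST)
```

Either corrected form (charset in the header, or <meta> placed ahead of <title>) returns an empty list for the same title text.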