cpe:/a:redmine:redmine:3.2.7 cpe:/a:redmine:redmine:3.3.0 cpe:/a:redmine:redmine:3.3.1 cpe:/a:redmine:redmine:3.3.2 cpe:/a:redmine:redmine:3.3.3 cpe:/a:redmine:redmine:3.3.4 cpe:/a:redmine:redmine:3.4.0 cpe:/a:redmine:redmine:3.4.1 cpe:/a:redmine:redmine:3.4.2 cpe:/o:debian:debian_linux:9.0 CVE-2017-15568 2017-10-17T22:29:00.280-04:00 2019-03-14T11:00:52.700-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2019-03-14T10:27:09.553-04:00 DEBIAN DSA-4191 CONFIRM https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 CONFIRM https://www.redmine.org/issues/27186 CONFIRM https://www.redmine.org/projects/redmine/wiki/Security_Advisories In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.