CVE-2025-4011 – Redmine Custom Query Handler Cross Site Scripting Vulnerability

April 28, 2025

CVE ID : CVE-2025-4011

Published : April 28, 2025, 9:15 a.m. | 3 hours, 14 minutes ago

Description : A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4012 – Playeduxyz PlayEdu SSRF Vulnerability

Next Article CVE-2025-42598 – Seiko Epson Printer DLL Hijacking Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-4011 – Redmine Custom Query Handler Cross Site Scripting Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

“Am I crazy or is GPT-4.1 the best model for coding?” ChatGPT gets new models with exemplary web development capabilities — but OpenAI is under fire for allegedly skimming through safety processes

CVE-2025-45542 – CloudClassroom-PHP-Project SQL Injection Vulnerability

Google Chrome to Use AIv3 to Reduce Annoying Geolocation Permission Pop-ups

Photos of ASUS’ Xbox-branded handheld leak online

bfdcxbxcwedfegdhbvdszxczxbcgfvcxbvxzvxcn hgcfhbgvzxvc

Ubuntu 25.10 Drops Support for GNOME on Xorg

CVE-2025-40569 – Siemens SCALANCE Web Interface Load Configuration Remote Authentication Bypass Vulnerability

Perficient Research Highlights the Path Forward for Connected Products

CVE-2025-4011 – Redmine Custom Query Handler Cross Site Scripting Vulnerability

Related Posts