{"id":"CVE-2019-17427","details":"In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.","modified":"2026-03-14T09:34:27.292623Z","published":"2019-10-10T02:05:46.897Z","references":[{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Nov/31"},{"type":"WEB","url":"https://usn.ubuntu.com/4200-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4574"},{"type":"ADVISORY","url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"type":"PACKAGE","url":"https://github.com/RealLinkers/CVE-2019-17427"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redmine/redmine","events":[{"introduced":"0"},{"fixed":"a0f8746a0f7143d09ce41ce5394dfa514cbf08bf"},{"introduced":"83eb5bffeff4b29c17f4aea65570fc61ab3ff2e0"},{"fixed":"0454ec48a7d4e5cd45fa62177627ca698940fddd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.4.11"},{"introduced":"4.0.0"},{"fixed":"4.0.4"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17427.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}