{"url":"http://public2.vulnerablecode.io/api/packages/513180?format=json","purl":"pkg:deb/debian/redmine@1.0.1-2","type":"deb","namespace":"debian","name":"redmine","version":"1.0.1-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3.1-4+deb9u3","latest_non_vulnerable_version":"3.3.1-4+deb9u3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355160?format=json","vulnerability_id":"VCID-13xd-urnd-c7fu","summary":"regression update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["DSA-4191-2 redmine"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13xd-urnd-c7fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100002?format=json","vulnerability_id":"VCID-2m9j-vjy9-k7es","summary":"In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16804","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57319","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57371","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.5738","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57369","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57356","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57372","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-16804"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m9j-vjy9-k7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100000?format=json","vulnerability_id":"VCID-5qgn-r984-wfbk","summary":"Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15576","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67868","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67914","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67904","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67891","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67907","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15576"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qgn-r984-wfbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99998?format=json","vulnerability_id":"VCID-76pd-d4ks-xye9","summary":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15574","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5982","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5987","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59873","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59864","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59845","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59863","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15574"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76pd-d4ks-xye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99995?format=json","vulnerability_id":"VCID-7rn5-nmzk-kkhf","summary":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15571","reference_id":"","reference_type":"","scores":[{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67068","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.6711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67117","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67102","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67084","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67099","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882548","reference_id":"882548","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882548"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15571"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rn5-nmzk-kkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99988?format=json","vulnerability_id":"VCID-8vqf-aw39-ruaq","summary":"Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by \"@attacker.com,\" a different vulnerability than CVE-2014-1985.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8474","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58809","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58855","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58861","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58854","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58838","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58853","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807272","reference_id":"807272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2015-8474"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vqf-aw39-ruaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100003?format=json","vulnerability_id":"VCID-bnmg-7gcg-9qaq","summary":"Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18026","reference_id":"","reference_type":"","scores":[{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73448","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73485","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.7349","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73477","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73464","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887307","reference_id":"887307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887307"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-18026"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bnmg-7gcg-9qaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99997?format=json","vulnerability_id":"VCID-bv1p-gbz8-bkdg","summary":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15573","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5982","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5987","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59873","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59864","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59845","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59863","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15573"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bv1p-gbz8-bkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99990?format=json","vulnerability_id":"VCID-bvkh-mzu7-xbc9","summary":"app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8537","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64667","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64709","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64718","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64707","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64715","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807826","reference_id":"807826","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807826"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2015-8537"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkh-mzu7-xbc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100001?format=json","vulnerability_id":"VCID-fvyt-5nsx-dye2","summary":"Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15577","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67868","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67914","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67904","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67891","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67907","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15577"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvyt-5nsx-dye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99986?format=json","vulnerability_id":"VCID-g2bx-hcfw-vfc4","summary":"app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8346","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64667","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64709","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64718","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64707","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64715","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806376","reference_id":"806376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806376"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2015-8346"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2bx-hcfw-vfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99987?format=json","vulnerability_id":"VCID-kbum-1mwc-h3gc","summary":"The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8473","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64699","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6474","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64749","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64738","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64728","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64746","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807345","reference_id":"807345","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2015-8473"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbum-1mwc-h3gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99994?format=json","vulnerability_id":"VCID-mwbu-za3k-tbbt","summary":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15570","reference_id":"","reference_type":"","scores":[{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67068","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.6711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67117","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67102","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67084","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.67099","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882547","reference_id":"882547","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882547"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15570"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbu-za3k-tbbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100005?format=json","vulnerability_id":"VCID-n5es-2416-uqe3","summary":"A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18890","reference_id":"","reference_type":"","scores":[{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.9656","published_at":"2026-06-04T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96563","published_at":"2026-06-05T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96567","published_at":"2026-06-06T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96569","published_at":"2026-06-08T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96574","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890"},{"reference_url":"https://usn.ubuntu.com/4200-1/","reference_id":"USN-4200-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4200-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2019-18890"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5es-2416-uqe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99993?format=json","vulnerability_id":"VCID-p6xa-gmjt-dyb9","summary":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15569","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62956","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62998","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63007","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62997","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62983","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63001","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882545","reference_id":"882545","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882545"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15569"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6xa-gmjt-dyb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99999?format=json","vulnerability_id":"VCID-sfme-v8hq-xybk","summary":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15575","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72773","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72812","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.7282","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72802","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.7279","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72814","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15575"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfme-v8hq-xybk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100004?format=json","vulnerability_id":"VCID-sqz9-rksh-wubs","summary":"In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17427","reference_id":"","reference_type":"","scores":[{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83236","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83262","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83263","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83259","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83252","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83265","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890"},{"reference_url":"https://usn.ubuntu.com/4200-1/","reference_id":"USN-4200-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4200-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2019-17427"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqz9-rksh-wubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99996?format=json","vulnerability_id":"VCID-xhxu-jf73-ryb8","summary":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15572","reference_id":"","reference_type":"","scores":[{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69349","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69388","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69397","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69373","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69394","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15572"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhxu-jf73-ryb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99992?format=json","vulnerability_id":"VCID-zmw8-x4bb-7qbk","summary":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15568","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62956","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62998","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63007","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62997","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62983","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63001","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882544","reference_id":"882544","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513185?format=json","purl":"pkg:deb/debian/redmine@3.3.1-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.3.1-4%252Bdeb9u3"}],"aliases":["CVE-2017-15568"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmw8-x4bb-7qbk"}],"fixing_vulnerabilities":[],"risk_score":"0.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.0.1-2"}