CVSS 3.1 Score 6.1 of 10 (medium)


Published Nov 5, 2023
Updated: Nov 14, 2023


CVE-2023-47260 is a cross-site scripting (XSS) vulnerability in Redmine versions before 4.2.11 and 5.0.x before 5.0.6, affecting various products. The vulnerability allows an attacker to execute malicious code through XSS via thumbnails. The risk score for this vulnerability is 25, indicating a moderate level of risk. To remediate the issue, update Redmine to version 4.2.11 or 5.0.6 or later. The flaw can be exploited to inject malicious scripts or steal sensitive information from users of the affected products, which can lead to unauthorized access or further attacks on the organization's systems and data.
