CVE-2011-1723

Name: CVE-2011-1723
Creator: NVD / NIST
Published: 2011-04-19T19:55:02.077+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.46%

Last modified Jun 16, 2026

CVE-2011-1723 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.. EPSS estimates a 4.46% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.

Metrics

EPSS Probability

4.46%

90.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Redmine	Redmine	1.0.1
Redmine	Redmine	1.0.2
Redmine	Redmine	1.0.3
Redmine	Redmine	1.0.4
Redmine	Redmine	1.0.5
Redmine	Redmine	1.1.0
Redmine	Redmine	1.1.1

References

http://osvdb.org/71564
http://secunia.com/advisories/43999Vendor Advisory
http://securityreason.com/securityalert/8211
http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/Exploit
http://www.redmine.org/news/53Patch, Vendor Advisory
http://www.securityfocus.com/archive/1/517355/100/0/threaded
http://www.securityfocus.com/bid/47193Exploit
http://www.vupen.com/english/advisories/2011/0895Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66612
http://osvdb.org/71564
http://secunia.com/advisories/43999Vendor Advisory
http://securityreason.com/securityalert/8211
http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/Exploit
http://www.redmine.org/news/53Patch, Vendor Advisory
http://www.securityfocus.com/archive/1/517355/100/0/threaded
http://www.securityfocus.com/bid/47193Exploit
http://www.vupen.com/english/advisories/2011/0895Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66612

Timeline

Published: Apr 19, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-1723?

How severe is CVE-2011-1723?

Severity scoring for CVE-2011-1723 is pending analysis. The EPSS model estimates a 4.46% probability of exploitation in the next 30 days.

How do I fix CVE-2011-1723?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-1723?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST