CVE-2021-29274
Redmine 4.1.x before 4.1.2 allows XSS because an issue’s subject is mishandled in the auto complete tip.
Date published : 2021-03-28
https://www.redmine.org/issues/33846
https://www.redmine.org/projects/redmine/wiki/Security_Advisories