Redmine

http://www.redmine.org/plugins/redmine_appmenuadds have serious security issue.

If you are goint to page /menutabs, it shows for non-logged users all tabs with an option to change the order of tabs. User coultn edit or change tabs, but can change the order of tabs.

http://<www.anydomain.com>/menutabs h