9 matches found
CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self
OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...
CVE-2026-23625
OpenProject CVE-2026-23625 affects versions 16.3.0–16.6.4. A stored XSS in the Roadmap view occurs when a version’s work packages include a subproject; the helper link_to_work_package renders package.project.to_s with html_safe, allowing HTML in subproject names to be injected. The issue is mitig...
CVE-2026-22600
OpenProject before 16.6.4 is affected by a Local File Read (LFR) vulnerability in the work package PDF export feature. An attacker can craft an SVG file disguised as a PNG and upload it as a work package attachment; during PDF export, ImageMagick is triggered to resize the image, causing the text...
CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder
OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...
Linux Distros Unpatched Vulnerability : CVE-2023-6955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to...
GitLab 0 < 16.5.6 / 16.6 < 16.6.4 / 16.7 < 16.7.2 (CVE-2023-6955)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to...
CVE-2023-6955
Removed by vendor...
CVE-2023-4812
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...
PT-2024-1046 · Mattermost +2 · Mattermost +3
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.13 through 16.5.6 GitLab CE/EE versions 16.6 through 16.6.4 GitLab CE/EE versions 16.7 through 16.7.2 Description: The issue is related to incorrect authorization checks in GitLab, allowing a user to abuse...