
14 matches found

RedhatCVE
added 2026/02/28 1:55 a.m., 2 views

CVE-2026-28276

Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...

CVSS 7.5, AI score 5.9, EPSS 0.00316
Exploits: 0, References: 1
RedhatCVE
added 2026/02/28 1:54 a.m., 5 views

CVE-2026-28275

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

CVSS 8.1, AI score 5.8, EPSS 0.00369
Exploits: 1, References: 1
RedhatCVE
added 2026/02/28 1:54 a.m., 2 views

CVE-2026-28274

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting (XSS) in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...

CVSS 8.7, AI score 6.1, EPSS 0.00551
Exploits: 1, References: 1
Vulnrichment
added 2026/02/26 10:57 p.m., 4 views

CVE-2026-28276 Initiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ Endpoint

Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...

CVSS 7.5, AI score 5.9, EPSS 0.00316
Exploits: 0, References: 2
Cvelist
added 2026/02/26 10:57 p.m., 22 views

CVE-2026-28276 Initiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ Endpoint

Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...

CVSS 7.5, EPSS 0.00316
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/26 10:57 p.m., 4 views

CVE-2026-28276

Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be...

CVSS 7.5, AI score 5.8, EPSS 0.00316
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/02/26 10:56 p.m., 21 views

CVE-2026-28275 Initiative Vulnerable to Improper Session Invalidation (JWT Remains Valid)

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

CVSS 8.1, EPSS 0.00369
Exploits: 1, References: 2
CVE
added 2026/02/26 10:56 p.m., 9 views

CVE-2026-28275

CVE-2026-28275 affects the self-hosted project management platform Initiative. Versions prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password, allowing older tokens to remain valid until expiration and continue to access protected API endpoints...

CVSS 8.1, AI score 5.3, EPSS 0.00369
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/02/26 10:55 p.m., 9 views

CVE-2026-28274

CVE-2026-28274 affects Initiative (self-hosted project management) with Stored XSS in the document upload workflow. Versions prior to 0.32.4 are vulnerable: users with upload permissions in the Initiatives section can add a .html/.htm file, which is served from the app’s origin without sandboxing...

CVSS 8.7, AI score 5.6, EPSS 0.00551
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/02/26 10:55 p.m., 3 views

CVE-2026-28274 Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting (XSS) in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...

CVSS 8.7, AI score 6.1, EPSS 0.00551
Exploits: 1, References: 2
Cvelist
added 2026/02/26 10:55 p.m., 21 views

CVE-2026-28274 Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting (XSS) in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...

CVSS 8.7, EPSS 0.00551
Exploits: 1, References: 2
CNNVD
added 2026/02/26 12:00 a.m., 8 views

Initiative Security Vulnerability

Initiative is an open-source project management platform developed by Morelitea. Versions of Initiative prior to 0.32.2 contained security vulnerabilities. These vulnerabilities stemmed from the ability for uploaded documents to be accessed through the publicly accessible /uploads/ directory,...

CVSS 7.5, AI score 5.8, EPSS 0.00316
Exploits: 0, References: 2
Positive Technologies
added 2026/02/26 12:00 a.m., 3 views

PT-2026-22224

Name of the Vulnerable Software and Affected Versions: Initiative versions prior to 0.32.2. Description: An access control issue exists in Initiative, a self-hosted project management platform. Uploaded documents are served from a publicly accessible /uploads/ directory without authentication or...

CVSS 7.5, AI score 5.2, EPSS 0.00316
Exploits: 0, References: 8
CNNVD
added 2026/02/26 12:00 a.m., 6 views

Initiative Code Issue Vulnerability

Initiative is an open-source project management platform developed by Morelitea. Versions of Initiative prior to 0.32.4 contained code vulnerabilities. These vulnerabilities stemmed from a lack of mechanism to invalidate previously issued JWT access tokens after users changed their passwords,...

CVSS 8.1, AI score 5.9, EPSS 0.00369
Exploits: 1, References: 2