342 matches found
CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...
OpenProject security vulnerability
OpenProject is an open source web-based project management software. The software features project planning, task management, bug tracking, and cost budgeting. A security vulnerability exists in OpenProject that stems from a stored cross-site scripting XSS vulnerability in the tablesorter of the...
PT-2024-26388
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 13.4.2 OpenProject versions prior to 14.0.2 OpenProject versions prior to 14.1.0 Description The issue concerns OpenProject, a leading open source project management software, which utilizes tablesorter inside of...
BIT-OPENPROJECT-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
BIT-OPENPROJECT-2021-43830
OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in...
BIT-OPENPROJECT-2023-31140
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication 2FA device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...
CVE-2023-33960
OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...
Design/Logic Flaw
OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...
CVE-2023-33960 OpenProject vulnerable to project identifier information leakage through robots.txt
OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...
CVE-2023-33960
CVE-2023-33960 – OpenProject robots.txt exposure : OpenProject versions prior to 12.5.6 generate a publicly accessible robots.txt that lists identifiers for all public projects, even if the instance is set to login-restricted. This constitutes an information-disclosure vulnerability (no authentic...
OpenProject security vulnerability
OpenProject is an open source web-based project management software. The software features project planning, task management, bug tracking and cost budgeting. A security vulnerability exists in versions of OpenProject prior to 12.5.6 that stems from routing being publicly available...
CVE-2023-31140
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication 2FA device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...
Design/Logic Flaw
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication 2FA device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...
CVE-2023-31140 OpenProject user sessions not terminated after activation of 2FA
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication 2FA device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...
CVE-2023-31140
OpenProject Open Source PM software, affected in versions 7.4.0 through 12.5.4 where, after registering and confirming the first 2FA device (or when an admin creates a mobile 2FA device for a user), existing user sessions are not terminated. The root cause is a failure to terminate active session...