342 matches found
OpenProject code issue vulnerability
OpenProject is an open source Web-based project management software. The software features project planning, task management, bug tracking and cost budgeting. A code issue vulnerability exists in OpenProject versions 7.4.0 through 12.5.4 that stems from an existing login session for a user accou...
PT-2023-23174 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions 7.4.0 through 12.5.3 Description: OpenProject is open source project management software. The issue arises when a user registers and confirms their first two-factor authentication 2FA device for an account, and existing...
The vulnerability of the OpenProject project management platform, related to the lack of measures taken to protect the website structure, allows attackers to carry out phishing attacks.
The vulnerability of the OpenProject project management platform lies in the lack of measures taken to protect the structure of the web page when processing the target=blank value without the rel noopener attribute. Exploiting this vulnerability could allow a malicious actor to carry out phishing...
CVE-2021-43830
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in...
Sql injection
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in...
CVE-2021-43830 SQL injection in OpenProject
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in...
CVE-2021-43830
OpenProject (web-based project management software) versions 12.0.0 and later are affected by a SQL injection in the budgets module. The vulnerability arises when reassigning work packages to a different budget, where input in the reassign_to_id parameter is insufficiently sanitized, and only aff...
OpenProject SQL injection vulnerability
OpenProject is an open source Web-based project management software. The software features project planning, task management, bug tracking and cost budgeting. OpenProject suffers from a SQL injection vulnerability that originates in the budget module...
PT-2021-23962 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions 12.0.0 through 12.0.3 Description: OpenProject is a web-based project management software. The software is vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, t...
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
Design/Logic Flaw
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-32763 Regular Expression Denial of Service in OpenProject forum messages
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-32763
OpenProject prior to 11.3.3 is affected by CVE-2021-32763 due to a Regular Expression Denial of Service in the MessagesController.quote method, which uses a regex to strip tags from quoted forum messages. The problematic pattern (.|\s) allows backtracking when encountering an unterminated tag w...
OpenProject security vulnerability
OpenProject is an open source Web-based project management software. The software features project planning, task management, bug tracking and cost budgeting. A security vulnerability exists in OpenProject. The vulnerability originates from mismanagement of system resources, e.g., memory, disk...
PT-2021-19912 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 11.3.3 Description: The issue concerns the MessagesController class in OpenProject, specifically the quote method, which is used for the Quote button in discussion forums. This method uses a regex to remove tags...
OPF OpenProject Cross-Site Scripting (CVE-2019-17092)
A cross-site scripting vulnerability exists in OPF OpenProject. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
OPF OpenProject Activities API SQL Injection (CVE-2019-11600)
A SQL injection vulnerability has been reported in OpenProject. This vulnerability can be exploited by sending crafted HTTP requests to a vulnerable application. Successful exploitation could lead to arbitrary SQL statement execution in the security context of database service...
OpenProject 10.0.1 / 9.0.3 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: <= 9.0.3, <= 10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium homepage:...