342 matches found
OpenProject Cross-Site Scripting Vulnerability
OpenProject is an open source Web-based project management software. The software has project planning, task management, bug tracking and cost budgeting and other functions. A cross-site scripting vulnerability exists in the project list in OpenProject versions prior to 9.0.4 and 10.x version...
CVE-2019-17092
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...
Cross site scripting
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...
CVE-2019-17092
CVE-2019-17092 is an XSS vulnerability in OpenProject’s project list. The issue occurs in versions before 9.0.4 and before 10.0.2, where the sortBy parameter can be manipulated to inject arbitrary script or HTML because error messages are mishandled. Several sources indicate affected release ranges ...
OpenProject 5.0.0 - 8.3.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version:...
CVE-2019-11600
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access...
SQL injection
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access...
CVE-2019-11600
CVE-2019-11600 is an SQL injection in OpenProject’s activities API, exploitable via the id parameter. Affected product: OpenProject versions 5.0.0 through 8.3.1; the vulnerability can be exploited remotely and, in some configurations, unauthenticated if API access is not protected. Consequences s...
OpenProject 5.0.0 - 8.3.1 - SQL Injection
OpenProject 5.0.0 - 8.3.1 - SQL Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version: 8.3.2 & 9.0.0...
OpenProject SQL Injection Vulnerability
OpenProject is an open source Web-based project management software. The software has project planning, task management, bug tracking and cost budgeting and other functions. A SQL injection vulnerability exists in OpenProject versions 5.0.0 through 8.3.1. The vulnerability stems from a lack o...
OpenProject 5.0.0 - 8.3.1 - SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version: 8.3.2 & 9.0.0 CVE number: CVE-2019-11600 impact: Critica...
OpenProject 8.3.1 SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version: 8.3.2 & 9.0.0 CVE number: CVE-2019-11600 impact: Critica...
OpenProject Session Hijacking Vulnerability
OpenProject is an open source Web-based project management software. The software has project planning, task management, bug tracking and cost budgeting and other functions. A session hijacking vulnerability exists in OpenProject versions prior to 6.1.6 and 7.x versions prior to 7.0.3, which...
Session fixation
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session...
CVE-2017-11667
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session...