19 matches found
CVE-2026-25947
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
CVE-2026-25947
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
CVE-2026-25947
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
CVE-2026-25947
Worklenz is affected by multiple SQL injection vulnerabilities in backend query construction affecting project/task management controllers, reporting/financial endpoints, real-time socket.io handlers, and resource scheduling prior to version 2.1.7. The issue is mitigated by upgrading to v2.1.7, w...
CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
Worklenz SQL注入漏洞
Worklenz is a project management tool developed under open source in Worklenz. Versions of Worklenz prior to 2.1.7 contained a SQL injection vulnerability. This vulnerability stemmed from multiple SQL injection points in the backend SQL queries, affecting functions such as project task management...
PT-2026-7327
Name of the Vulnerable Software and Affected Versions Worklenz versions prior to 2.1.7 Description Worklenz, a project management tool, contains multiple SQL injection flaws in its backend SQL query construction. These flaws affect project and task management controllers, reporting and financial...
CVE-2025-70368
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...
CVE-2025-70368
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...
CVE-2025-70368
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...
EUVD-2025-206349
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...
CVE-2025-70368
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...
PT-2026-4804
Name of the Vulnerable Software and Affected Versions Worklenz version 2.1.5 Description Worklenz version 2.1.5 has a Stored Cross-Site Scripting XSS issue in the Project Updates feature. An attacker can inject a malicious payload into the Updates text field. This payload is then displayed in the...
CVE-2025-70368
CVE-2025-70368 affects Worklenz v2.1.5, with a Stored XSS in the Project Updates feature. The Updates text field renders un-sanitized input in the reporting view, enabling malicious JavaScript execution in a user’s browser. Root cause: lack of input sanitization for stored payloads. Impact per av...
Worklenz security vulnerabilities
Worklenz is a project management tool developed by Worklenz as open source. Version 2.1.5 of Worklenz contains a security vulnerability, which stems from improper input handling during project updates. This vulnerability may lead to storage-based cross-site scripting attacks...
CVE-2025-70368
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...
Exploit for CVE-2025-70368
CVE-2025-70368 Stored Cross-Site Scripting XSS in Project...