16 matches found
CVE-2026-24776
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This allowed a...
CVE-2026-24776
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...
CVE-2026-24776 OpenProject has an IDOR on MeetingAgendaItems allows cross-project meeting agenda item transfer
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...
CVE-2026-24776
OpenProject prior to 17.0.2 is vulnerable to a logic flaw in the drag-and-drop handler for agenda items. The target meeting section was not validated to belong to the same meeting (or backlog in recurring meetings), enabling an attacker to move an agenda item to a different meeting, causing confusio...
EUVD-2026-5638
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...
PT-2026-6762
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.0.2. Description: OpenProject is a web-based project management software. A flaw existed in the drag-and-drop functionality for agenda items, where the system did not verify if the target meeting section belonged...
OpenProject security vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.0.2 had security vulnerabilities. These vulnerabilities stemmed from the drag-and-drop processing mechanism, which did not properly check the target meeting details. This could allow attackers...
EUVD-2009-2001
Malware in sbrugna...
CVE-2009-4942
Technical details (affected versions, root cause, exploit conditions) are not provided in the connected documents. Monitor for updates for additional, verifiable information.
CVE-2009-4942
Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items...
CVE-2009-4942
Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...
CVE-2009-2005
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...
CVE-2009-2005
CVE-2009-2005 describes a CSRF vulnerability in Dokeos 1.8.5 (and possibly earlier) that could allow an attacker to hijack an authenticated session and add new personal agenda items via unknown vectors. The connected documents identify the affected product and the basic impact, but do not provide...
CVE-2009-2005
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...