2 matches found
CVE-2026-25764
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...
CVE-2026-25764
OpenProject suffers a stored HTML injection in the time-tracking workflow prior to 16.6.7 and 17.0.3. The HTML is not escaped in the work package name, allowing an attacker with administrator privileges to inject HTML into the name when creating time-tracking entries, potentially affecting the Wo...