6 matches found
BIT-OPENPROJECT-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
Design/Logic Flaw
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-32763 Regular Expression Denial of Service in OpenProject forum messages
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
PT-2021-19912 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 11.3.3 Description: The issue concerns the MessagesController class in OpenProject, specifically the quote method, which is used for the Quote button in discussion forums. This method uses a regex to remove tags...