4 matches found
CVE-2026-23625
OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...
CVE-2026-23625
OpenProject CVE-2026-23625 affects versions 16.3.0–16.6.4. A stored XSS in the Roadmap view occurs when a version’s work packages include a subproject; the helper link_to_work_package renders package.project.to_s with html_safe, allowing HTML in subproject names to be injected. The issue is mitig...
CVE-2026-23625
OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...
PT-2026-3464
Name of the Vulnerable Software and Affected Versions OpenProject versions 16.3.0 through 16.6.4 Description OpenProject is a web-based project management software. A stored cross-site scripting issue exists in the Roadmap view. The issue occurs when a version contains work packages from a...