Lucene search
K

414 matches found

CNNVD
CNNVD
added 2021/12/14 12:0 a.m.6 views

OpenProject SQL注入漏洞

OpenProject is an open source Web-based project management software . The software features project planning, task management, bug tracking and cost budgeting. OpenProject suffers from a SQL injection vulnerability that originates in the budget module...

8.8CVSS8.2AI score0.00929EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/12/14 12:0 a.m.7 views

PT-2021-23962 · Unknown · Openproject

Name of the Vulnerable Software and Affected Versions: OpenProject versions 12.0.0 through 12.0.3 Description: OpenProject is a web-based project management software. The software is vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, t...

8.8CVSS8.7AI score0.00929EPSS
Exploits0References9
NVD
NVD
added 2021/07/20 5:15 p.m.19 views

CVE-2021-32763

OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...

6.5CVSS0.00921EPSS
Exploits0References2
OSV
OSV
added 2021/07/20 5:15 p.m.9 views

CVE-2021-32763

OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...

6.5CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2021/07/20 5:15 p.m.19 views

Design/Logic Flaw

OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...

4CVSS6.2AI score0.00921EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/07/20 4:50 p.m.42 views

CVE-2021-32763

OpenProject prior to 11.3.3 is affected by CVE-2021-32763 due to a Regular Expression Denial of Service in the MessagesController.quote method, which uses a regex to strip tags from quoted forum messages. The problematic pattern (.|\s) allows backtracking when encountering an unterminated tag w...

6.5CVSS5.1AI score0.00921EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/07/20 4:50 p.m.24 views

CVE-2021-32763 Regular Expression Denial of Service in OpenProject forum messages

OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...

4.3CVSS6.4AI score0.00921EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.6 views

OpenProject安全漏洞

OpenProject is an open source Web-based project management software . The software features project planning, task management, bug tracking and cost budgeting. A security vulnerability exists in OpenProject. The vulnerability originates from mismanagement of system resources e.g., memory, disk...

6.5CVSS6.5AI score0.00921EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/07/20 12:0 a.m.5 views

PT-2021-19912 · Unknown · Openproject

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 11.3.3 Description: The issue concerns the MessagesController class in OpenProject, specifically the quote method, which is used for the Quote button in discussion forums. This method uses a regex to remove tags...

6.5CVSS6.3AI score0.00921EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2020/02/26 12:0 a.m.8 views

OPF OpenProject Cross-Site Scripting (CVE-2019-17092)

A cross-site scripting vulnerability exists in OPF OpenProject. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

4.3CVSS4.7AI score0.01659EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2019/11/25 12:0 a.m.15 views

OPF OpenProject Activities API SQL Injection (CVE-2019-11600)

A SQL injection vulnerability has been reported in OpenProject. This vulnerability can be exploited by sending crafted HTTP requests to a vulnerable application. Successful exploitation could lead to arbitrary SQL statement execution in the security context of database service...

6.8CVSS1.8AI score0.79956EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/10/15 12:0 a.m.430 views

OpenProject 10.0.1 / 9.0.3 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: = 9.0.3, =10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium homepage:...

4.3CVSS0.01659EPSS
Exploits1
CNVD
CNVD
added 2019/10/11 12:0 a.m.2 views

OpenProject Cross-Site Scripting Vulnerability

OpenProject is an open source Web-based project management software . The software has project planning , task management , bug tracking and cost budgeting and other functions . A cross-site scripting vulnerability exists in the project list in OpenProject versions prior to 9.0.4 and 10.x version...

6.1CVSS6.4AI score0.01659EPSS
Exploits1References1
OSV
OSV
added 2019/10/09 7:15 p.m.11 views

CVE-2019-17092

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...

6.1CVSS5.9AI score
Exploits0References6
NVD
NVD
added 2019/10/09 7:15 p.m.19 views

CVE-2019-17092

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...

6.1CVSS6AI score0.01659EPSS
Exploits1References6
Prion
Prion
added 2019/10/09 7:15 p.m.18 views

Cross site scripting

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...

4.3CVSS6AI score0.01659EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2019/10/09 6:22 p.m.23 views

CVE-2019-17092

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...

6AI score0.01659EPSS
Exploits1References6
CVE
CVE
added 2019/10/09 6:22 p.m.55 views

CVE-2019-17092

CVE-2019-17092 is an XSS vulnerability in OpenProject’s project list. The issue occurs in versions before 9.0.4 and before 10.0.2, where the sortBy parameter can be manipulated to inject arbitrary script/html because error messages are mishandled. Several sources indicate affected release ranges ...

6.1CVSS5.9AI score0.01659EPSS
Exploits1References6Affected Software1
0day.today
0day.today
added 2019/05/14 12:0 a.m.92 views

OpenProject 5.0.0 - 8.3.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version:...

6.8CVSS8AI score0.79956EPSS
Exploits5
NVD
NVD
added 2019/05/13 8:29 p.m.25 views

CVE-2019-11600

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access...

8.1CVSS8.7AI score0.79956EPSS
Exploits5References5
Rows per page
Query Builder