414 matches found
OpenProject SQL注入漏洞
OpenProject is an open source Web-based project management software . The software features project planning, task management, bug tracking and cost budgeting. OpenProject suffers from a SQL injection vulnerability that originates in the budget module...
PT-2021-23962 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions 12.0.0 through 12.0.3 Description: OpenProject is a web-based project management software. The software is vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, t...
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
Design/Logic Flaw
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-32763
OpenProject prior to 11.3.3 is affected by CVE-2021-32763 due to a Regular Expression Denial of Service in the MessagesController.quote method, which uses a regex to strip tags from quoted forum messages. The problematic pattern (.|\s) allows backtracking when encountering an unterminated tag w...
CVE-2021-32763 Regular Expression Denial of Service in OpenProject forum messages
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
OpenProject安全漏洞
OpenProject is an open source Web-based project management software . The software features project planning, task management, bug tracking and cost budgeting. A security vulnerability exists in OpenProject. The vulnerability originates from mismanagement of system resources e.g., memory, disk...
PT-2021-19912 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 11.3.3 Description: The issue concerns the MessagesController class in OpenProject, specifically the quote method, which is used for the Quote button in discussion forums. This method uses a regex to remove tags...
OPF OpenProject Cross-Site Scripting (CVE-2019-17092)
A cross-site scripting vulnerability exists in OPF OpenProject. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
OPF OpenProject Activities API SQL Injection (CVE-2019-11600)
A SQL injection vulnerability has been reported in OpenProject. This vulnerability can be exploited by sending crafted HTTP requests to a vulnerable application. Successful exploitation could lead to arbitrary SQL statement execution in the security context of database service...
OpenProject 10.0.1 / 9.0.3 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: = 9.0.3, =10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium homepage:...
OpenProject Cross-Site Scripting Vulnerability
OpenProject is an open source Web-based project management software . The software has project planning , task management , bug tracking and cost budgeting and other functions . A cross-site scripting vulnerability exists in the project list in OpenProject versions prior to 9.0.4 and 10.x version...
CVE-2019-17092
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...
CVE-2019-17092
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...
Cross site scripting
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...
CVE-2019-17092
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...
CVE-2019-17092
CVE-2019-17092 is an XSS vulnerability in OpenProject’s project list. The issue occurs in versions before 9.0.4 and before 10.0.2, where the sortBy parameter can be manipulated to inject arbitrary script/html because error messages are mishandled. Several sources indicate affected release ranges ...
OpenProject 5.0.0 - 8.3.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version:...
CVE-2019-11600
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access...