Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/01/20 6:18 p.m.7 views

CVE-2026-23625

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS5.1AI score0.00207EPSS
Exploits0References1
osv
osv
added 2026/01/19 5:41 p.m.6 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS5.1AI score0.00207EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/01/19 5:41 p.m.3 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS5AI score0.00207EPSS
Exploits0References3
cvelist
cvelist
added 2026/01/19 5:41 p.m.30 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS0.00207EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/01/19 12:0 a.m.9 views

OpenProject cross-site scripting vulnerabilities

OpenProject is an open-source web-based project management software. Versions 16.3.0 to 16.6.4 of OpenProject contain cross-site scripting vulnerabilities. These vulnerabilities stem from the lack of escaping of user-controlled sub-project names in the roadmap view, which may lead to...

8.7CVSS5.6AI score0.00207EPSS
Exploits0References4
Rows per page
Query Builder