Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2026/01/20 6:18 p.m.7 views

CVE-2026-23625

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS5.1AI score0.00207EPSS
Exploits0References1
nvd
nvd
added 2026/01/19 6:16 p.m.10 views

CVE-2026-23625

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS0.00207EPSS
Exploits0References3
euvd
euvd
added 2026/01/19 5:41 p.m.5 views

EUVD-2026-3309

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS5.1AI score0.00207EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/01/19 5:41 p.m.3 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS5AI score0.00207EPSS
Exploits0References3
cvelist
cvelist
added 2026/01/19 5:41 p.m.30 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS0.00207EPSS
Exploits0References3
osv
osv
added 2026/01/19 5:41 p.m.6 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS5.1AI score0.00207EPSS
Exploits0References5
cve
cve
added 2026/01/19 5:41 p.m.16 views

CVE-2026-23625

OpenProject CVE-2026-23625 affects versions 16.3.0–16.6.4. A stored XSS in the Roadmap view occurs when a version’s work packages include a subproject; the helper link_to_work_package renders package.project.to_s with html_safe, allowing HTML in subproject names to be injected. The issue is mitig...

8.7CVSS5.1AI score0.00207EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder