Vulmon
openproject openproject vulnerabilities and exploits
8.1
CVSSv3
CVE-2017-11667
OpenProject prior to 6.1.6 and 7.x prior to 7.0.3 mishandles session expiry, which allows remote malicious users to perform APIv3 requests indefinitely by leveraging a hijacked session.
Openproject Openproject 7.0.0
Openproject Openproject 7.0.2
Openproject Openproject 7.0.1
Openproject Openproject
6.5
CVSSv3
CVE-2023-31140
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not termina...
Openproject Openproject
6.1
CVSSv3
CVE-2019-17092
An XSS vulnerability in project list in OpenProject prior to 9.0.4 and 10.x prior to 10.0.2 allows remote malicious users to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
Openproject Openproject
7.5
CVSSv3
CVE-2023-33960
OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the in...
Openproject Openproject
6.5
CVSSv3
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions before 11.3.3, the `MessagesController` class of OpenProject has a `quote` method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip `<pre>` ...
Openproject Openproject
8.8
CVSSv3
CVE-2021-43830
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsuffi...
Openproject Openproject
8.1
CVSSv3
CVE-2019-11600
A SQL injection vulnerability in the activities API in OpenProject prior to 8.3.2 allows a remote malicious user to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API ...
Openproject Openproject
1 EDB exploit
1 Github repository