Vulmon
openproject openproject vulnerabilities and exploits
605
VMScore
CVE-2017-11667
OpenProject prior to 6.1.6 and 7.x prior to 7.0.3 mishandles session expiry, which allows remote malicious users to perform APIv3 requests indefinitely by leveraging a hijacked session.
Openproject Openproject 7.0.0
Openproject Openproject 7.0.2
Openproject Openproject 7.0.1
Openproject Openproject
NA
CVE-2023-31140
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not termina...
Openproject Openproject
356
VMScore
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions before 11.3.3, the `MessagesController` class of OpenProject has a `quote` method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip `<pre>` ...
Openproject Openproject
NA
CVE-2023-33960
OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the in...
Openproject Openproject
685
VMScore
CVE-2019-11600
A SQL injection vulnerability in the activities API in OpenProject prior to 8.3.2 allows a remote malicious user to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API ...
Openproject Openproject
1 EDB exploit
1 Github repository
383
VMScore
CVE-2019-17092
An XSS vulnerability in project list in OpenProject prior to 9.0.4 and 10.x prior to 10.0.2 allows remote malicious users to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
Openproject Openproject
578
VMScore
CVE-2021-43830
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsuffi...
Openproject Openproject
NA
CVE-2024-35224
OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permiss...