Vulnerabilities > Openproject

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2024-41801 Open Redirect vulnerability in Openproject
OpenProject is open source project management software.
network
low complexity
openproject CWE-601
6.1
2023-06-01 CVE-2023-33960 Cleartext Transmission of Sensitive Information vulnerability in Openproject
OpenProject is web-based project management software.
network
low complexity
openproject CWE-319
7.5
2023-05-08 CVE-2023-31140 Unspecified vulnerability in Openproject
OpenProject is open source project management software.
network
low complexity
openproject
6.5
2021-12-14 CVE-2021-43830 Unspecified vulnerability in Openproject
OpenProject is a web-based project management software.
network
low complexity
openproject
8.8
2021-07-20 CVE-2021-32763 Unspecified vulnerability in Openproject
OpenProject is open-source, web-based project management software.
network
low complexity
openproject
6.5
2019-10-09 CVE-2019-17092 Cross-site Scripting vulnerability in Openproject
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
network
low complexity
openproject CWE-79
6.1
2019-05-13 CVE-2019-11600 SQL Injection vulnerability in Openproject
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter.
network
high complexity
openproject CWE-89
8.1
2017-07-26 CVE-2017-11667 Insufficient Session Expiration vulnerability in Openproject
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.
network
high complexity
openproject CWE-613
8.1