Vulnerabilities > Openproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-01 | CVE-2023-33960 | Cleartext Transmission of Sensitive Information vulnerability in Openproject OpenProject is web-based project management software. | 7.5 |
| 2023-05-08 | CVE-2023-31140 | Insufficient Session Expiration vulnerability in Openproject OpenProject is open source project management software. | 6.5 |
| 2021-12-14 | CVE-2021-43830 | SQL Injection vulnerability in Openproject OpenProject is a web-based project management software. | 6.5 |
| 2021-07-20 | CVE-2021-32763 | Unspecified vulnerability in Openproject OpenProject is open-source, web-based project management software. | 4.0 |
| 2019-10-09 | CVE-2019-17092 | Cross-site Scripting vulnerability in Openproject An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. | 6.1 |
| 2019-05-13 | CVE-2019-11600 | SQL Injection vulnerability in Openproject A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. | 8.1 |
| 2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 6.8 |