Vulnerabilities > Openproject > Openproject > 4.1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-41801 | Open Redirect vulnerability in Openproject OpenProject is open source project management software. | 6.1 |
| 2023-06-01 | CVE-2023-33960 | Cleartext Transmission of Sensitive Information vulnerability in Openproject OpenProject is web-based project management software. | 7.5 |
| 2021-07-20 | CVE-2021-32763 | Unspecified vulnerability in Openproject OpenProject is open-source, web-based project management software. | 6.5 |
| 2019-10-09 | CVE-2019-17092 | Cross-site Scripting vulnerability in Openproject An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. | 6.1 |
| 2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 8.1 |