Vulnerabilities > Openproject > Openproject > 7.3.2

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2024-41801 Open Redirect vulnerability in Openproject
OpenProject is open source project management software.
network
low complexity
openproject CWE-601
6.1
6.1
2023-06-01 CVE-2023-33960 Cleartext Transmission of Sensitive Information vulnerability in Openproject
OpenProject is web-based project management software.
network
low complexity
openproject CWE-319
7.5
7.5
2021-07-20 CVE-2021-32763 Unspecified vulnerability in Openproject
OpenProject is open-source, web-based project management software.
network
low complexity
openproject
6.5
6.5
2019-10-09 CVE-2019-17092 Cross-site Scripting vulnerability in Openproject
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
network
low complexity
openproject CWE-79
6.1
6.1
2019-05-13 CVE-2019-11600 SQL Injection vulnerability in Openproject
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter.
network
high complexity
openproject CWE-89
8.1
8.1