Vulnerabilities > Openproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-01 | CVE-2023-33960 | Cleartext Transmission of Sensitive Information vulnerability in Openproject OpenProject is web-based project management software. | 7.5 |
| 2021-12-14 | CVE-2021-43830 | Unspecified vulnerability in Openproject OpenProject is a web-based project management software. | 8.8 |
| 2019-05-13 | CVE-2019-11600 | SQL Injection vulnerability in Openproject A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. | 8.1 |
| 2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 8.1 |