PT-2026-6806 · Unknown · Openproject
Sonntb21Dcat164 · Published 2026-02-06 · Updated 2026-02-09 · CVE-2026-25764
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 16.6.7; OpenProject versions prior to 17.0.3
Description: OpenProject is a web-based project management software. A flaw exists in the time tracking function, where the application fails to properly sanitize HTML tags. An attacker with administrator privileges can inject HTML through the name field when creating a work package in the Work package section during time tracking. This could lead to the execution of attacker-controlled script (XSS) in the browser of a user who views the affected content.
Recommendations: Update to OpenProject version 16.6.7 or later, or to OpenProject version 17.0.3 or later.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2026-25764
GHSA-Q523-C695-H3HP

Affected products

Openproject