PT-2025-6068 · Unknown · Openproject
Meanknt · Published 2025-02-10 · Updated 2025-08-27
CVE-2025-24892
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenProject versions prior to 15.2.1
Description
The issue arises from the application's failure to properly sanitize user input before displaying it in the Group Management section. Specifically, groups created with HTML script tags are not properly escaped before being rendered in a project.
Recommendations
For versions prior to 15.2.1, update to OpenProject version 15.2.1 to resolve the issue.
As a temporary workaround for those unable to upgrade, apply the patch manually.
Exploit
Fix
XSS
Affected Products
Openproject