CNNVD-202601-3025 Information
CNNVD ID
CNNVD-202601-3025
Related CVE
-
CNNVD Published: 2026-01-19
Description
OpenProject is open-source, web-based project management software from OpenProject. OpenProject versions 16.3.0 through 16.6.4 contain a cross-site scripting vulnerability: user-controlled subproject names are not escaped in the roadmap view, which may lead to stored cross-site scripting attacks.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
OpenProject
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/opf/openproject/releases/tag/v16.6.5
https://github.com/opf/openproject/security/advisories/GHSA-cvpq-cc56-gwxx
https://github.com/opf/openproject/releases/tag/v17.0.0
https://access.redhat.com/security/cve/cve-2026-23625
Patch
https://github.com/opf/openproject/releases