CNNVD-202602-937 Information

CNNVD ID

CNNVD-202602-937

Related CVE

CVE-2026-25764

• CNNVD Published: 2026-02-06

Description (Chinese)

OpenProject是OpenProject开源的一个基于Web的项目管理软件。 OpenProject 16.6.7之前版本和17.0.3之前版本存在安全漏洞，该漏洞源于时间跟踪功能中存在HTML注入，可能导致跨站脚本攻击。

Description (English)

OpenProject is a Web-based project management software from OpenProject Open Source. There is a security loophole in previous versions of OpenProject 16.6.7 and 17.0.3, which stems from the use of HTML injections in the time-tracking function, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OpenProject

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/opf/openproject/releases/tag/v16.6.7 https://github.com/opf/openproject/releases/tag/v17.0.3 https://github.com/opf/openproject/security/advisories/GHSA-q523-c695-h3hp https://access.redhat.com/security/cve/cve-2026-25764

Patch

https://github.com/opf/openproject/releases