CVE-2025-24892 - OpenProject HTML Injection
CVE ID : CVE-2025-24892 Published : Feb. 10, 2025, 4:15 p.m. | 59 minutes ago Description : OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a project. The issue has been resolved in OpenProject version 15.2.1. Those who are unable to upgrade may apply the patch manually. Severity: 3.5 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24892
Published : Feb. 10, 2025, 4:15 p.m. | 59 minutes ago
Description : OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a project. The issue has been resolved in OpenProject version 15.2.1. Those who are unable to upgrade may apply the patch manually.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Feb. 10, 2025, 4:15 p.m. | 59 minutes ago
Description : OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a project. The issue has been resolved in OpenProject version 15.2.1. Those who are unable to upgrade may apply the patch manually.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
