Openproject Vulnerabilities
Comprehensive security vulnerability database for Openproject products
1
0
0
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2024-35224 | 7.6 | This vulnerability allows an attacker to inject malicious JavaScript into the OpenProject application, potentially compromising other users' accounts. To exploit this, the attacker needs permissions to edit work packages and add attachments, and they could use this to target a System Admin for privilege escalation. | openprojectopenproject | Theoretical | over 1 year agoMay 23, 2024 |
About Openproject Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Openproject products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.