216.73.216.86

CVE-2025-24892

· Published 10/02/2025 16:15 · Modified 10/02/2025 16:15

Labels: CVE-2025-24892 2025-02-10CVE-2025-24892CWE-79[email protected]

Essential information

Published
10/02/2025 16:15
Modified
10/02/2025 16:15
Author
Creator
CVSS
3.5 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CVSS metrics

Description

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a project. The issue has been resolved in OpenProject version 15.2.1. Those who are unable to upgrade may apply the patch manually.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References