CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations with the "Login required" setting enabled, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user's account. This vulnerability affects default packaged installations of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, or having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application, using the HostAuthorization middleware of Rails to reject any request with a host name that does not match the configured one.

References:
https://github.com/opf/openproject/security/advisories/GHSA-g92v-vrq6-4fpw
https://github.com/user-attachments/files/16371759/host-protection.patch
https://www.openproject.org/docs/release-notes/14-3-0

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

OpenProject is the leading open source project management software. OpenProject uses `tablesorter` inside the Cost Report feature. This dependency, when misconfigured, can lead to stored XSS via `{icon}` substitution in table header values. The attack requires the permissions "Edit work packages" and "Add attachments". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin.

References:
https://community.openproject.org/projects/openproject/work_packages/55198/relations
https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)