Description
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-17092
- https://groups.google.com/forum/#!topic/openproject-security/tEsx0UXWxXA
- https://seclists.org/bugtraq/2019/Oct/19
- https://www.openproject.org/release-notes/openproject-10-0-2
- https://www.openproject.org/release-notes/openproject-9-0-4
- http://packetstormsecurity.com/files/154851/OpenProject-10.0.1-9.0.3-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2019/Oct/29
Related vulnerabilities
CVSS3: 6.1
nvd
more than 6 years ago
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.