CVE-2025-24892

10 Feb 2025

Título es

CVE-2025-24892

Lun, 10/02/2025 – 16:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-24892

Descripción en

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a project. The issue has been resolved in OpenProject version 15.2.1. Those who are unable to upgrade may apply the patch manually.

10/02/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

3.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://github.com/opf/openproject/pull/17783

https://github.com/opf/openproject/security/advisories/GHSA-mg4q-ghvh-cm2j

https://patch-diff.githubusercontent.com/raw/opf/openproject/pull/17783.patch

https://www.openproject.org/docs/release-notes/12-5-1