CVE-2019-17092
Summary
| CVE | CVE-2019-17092 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-09 19:15:00 UTC |
| Updated | 2023-11-07 03:06:00 UTC |
| Description | An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openproject | Openproject | All | All | All | All |
| Application | Openproject | Openproject | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject | FULLDISC | seclists.org | |
| Google Groups | | groups.google.com | |
| Google Groups | MISC | groups.google.com | Patch, Third Party Advisory |
| OpenProject 10.0.1 / 9.0.3 Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | |
| OpenProject 9.0.4 » OpenProject.org | CONFIRM | www.openproject.org | Release Notes, Vendor Advisory |
| Bugtraq: SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject | BUGTRAQ | seclists.org | |
| OpenProject 10.0.2 » OpenProject.org | CONFIRM | www.openproject.org | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.