CVE-2019-17092

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-17092
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17092.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17092
Published
2019-10-09T19:15:13.990Z
Modified
2026-04-10T04:15:17.912580Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.

References

Affected packages

Git / github.com/opf/openproject

Affected ranges

Type
GIT
Repo
https://github.com/opf/openproject
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b1f1184da257f03ad0cb98d659cd297c76ab4681
Introduced
69231eeb79be5a1e37ced16e1df557189e58316a
Fixed
e7869b72508caa439beb54c0042017fe57c7833e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.0.4"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.2"
        }
    ]
}

Affected versions

v10.*
v10.0.0
v10.0.1
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.0.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17092.json"