{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35224", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-14T15:39:41.784Z", "datePublished": "2024-05-23T12:53:04.336Z", "dateUpdated": "2024-08-02T03:07:46.774Z"}, "containers": {"cna": {"title": "Stored Cross-Site Scripting (XSS) in OpenProject", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc"}, {"name": "https://community.openproject.org/projects/openproject/work_packages/55198/relations", "tags": ["x_refsource_MISC"], "url": "https://community.openproject.org/projects/openproject/work_packages/55198/relations"}], "affected": [{"vendor": "opf", "product": "openproject", "versions": [{"version": ">= 13.4.0, < 13.4.2", "status": "affected"}, {"version": "< 14.1.0", "status": "affected"}, {"version": ">= 14.0.0, < 14.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-23T12:53:04.336Z"}, "descriptions": [{"lang": "en", "value": "OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions \"Edit work packages\" as well as \"Add attachments\". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store javascript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2.\n"}], "source": {"advisory": "GHSA-h26c-j8wg-frjc", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T16:39:22.186123Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:30.104Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.774Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc"}, {"name": "https://community.openproject.org/projects/openproject/work_packages/55198/relations", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.openproject.org/projects/openproject/work_packages/55198/relations"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35224", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-14T15:39:41.784Z", "datePublished": "2024-05-23T12:53:04.336Z", "dateUpdated": "2024-06-04T17:33:30.104Z"}, "containers": {"cna": {"title": "Stored Cross-Site Scripting (XSS) in OpenProject", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc"}, {"name": "https://community.openproject.org/projects/openproject/work_packages/55198/relations", "tags": ["x_refsource_MISC"], "url": "https://community.openproject.org/projects/openproject/work_packages/55198/relations"}], "affected": [{"vendor": "opf", "product": "openproject", "versions": [{"version": ">= 13.4.0, < 13.4.2", "status": "affected"}, {"version": "< 14.1.0", "status": "affected"}, {"version": ">= 14.0.0, < 14.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-23T12:53:04.336Z"}, "descriptions": [{"lang": "en", "value": "OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions \"Edit work packages\" as well as \"Add attachments\". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store javascript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2.\n"}], "source": {"advisory": "GHSA-h26c-j8wg-frjc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T16:39:22.186123Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T16:39:43.539Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BE38AC7-B42C-4309-98F7-43D85A2EF8A6", "versionEndExcluding": "13.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:*", "matchCriteriaId": "56CC815B-FDB4-411E-A336-6FD817C3CB14", "versionEndExcluding": "14.0.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openproject:openproject:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "61007284-FF8C-484D-8CD2-B72F35184DB6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions \"Edit work packages\" as well as \"Add attachments\". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store javascript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2.\n"}, {"lang": "es", "value": "OpenProject es el software l\u00edder de gesti\u00f3n de proyectos de c\u00f3digo abierto. OpenProject utiliza \"tablesorter\" dentro de la funci\u00f3n Informe de costos. Esta dependencia, cuando est\u00e1 mal configurada, puede provocar que se almacene XSS mediante la sustituci\u00f3n de `{icon}` en los valores del encabezado de la tabla. Este ataque requiere los permisos \"Editar paquetes de trabajo\", as\u00ed como \"Agregar archivos adjuntos\". Un administrador de proyecto podr\u00eda intentar aumentar sus privilegios enviando este XSS a un administrador del sistema. De lo contrario, si se requiere un administrador del sistema completo, este ataque tendr\u00e1 un impacto significativamente menor. Al utilizar el archivo adjunto de un ticket, puede almacenar javascript en la propia aplicaci\u00f3n y omitir la pol\u00edtica CSP de la aplicaci\u00f3n para lograr Stored XSS. Esta vulnerabilidad ha sido parcheada en las versiones 14.1.0, 14.0.2 y 13.4.2."}], "id": "CVE-2024-35224", "lastModified": "2026-02-13T15:44:32.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-23T13:15:09.380", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://community.openproject.org/projects/openproject/work_packages/55198/relations"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://community.openproject.org/projects/openproject/work_packages/55198/relations"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}