CVE-2024-35224

CVE Database · CVE-2024-35224

CVE-2024-35224

· HIGHAnalyzed

CVSS v3.1

7.6

EPSS

0.33%

Published

May 23, 2024

Modified

Feb 13, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions "Edit work packages" as well as "Add attachments". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store javascript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Weaknesses (CWE)

CWE-80

Affected Products (3)

openproject · openproject (up to 13.4.2)vulnerable

openproject · openproject (up to 14.0.2)vulnerable

openproject · openprojectvulnerable

References (4)

https://community.openproject.org/projects/openproject/work_packages/55198/relations

Issue Tracking

https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc

PatchVendor Advisory

https://community.openproject.org/projects/openproject/work_packages/55198/relations

Issue Tracking

https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs