CVE-2024-35224

{"id": "CVE-2024-35224", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.3}]}, "published": "2024-05-23T13:15:09.380", "references": [{"url": "https://community.openproject.org/projects/openproject/work_packages/55198/relations", "source": "security-advisories@github.com"}, {"url": "https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-80"}]}], "descriptions": [{"lang": "en", "value": "OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions \"Edit work packages\" as well as \"Add attachments\". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store javascript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2.\n"}], "lastModified": "2024-05-24T01:15:30.977", "sourceIdentifier": "security-advisories@github.com"}