Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Project and Agile Management
  • Project Management

Project Management

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    30 Apr 2025 Project and Agile Management
    Redmine: Cross-Site Scripting via Improper Input Handling in Custom Query Handler

    In Redmine versions 6.0.0 through 6.0.3 a medium severity vulnerability CVE-2025-4011 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) via manipulation of the “Name” argument in the Custom Query Handler. To address this issue, users should upgrade Redmine to versions 6.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4011.

    Read more
    Project Management
    19 Dec 2024 Project and Agile Management
    Kanboard: Vulnerability in Session Expiration Handling

    In Kanboard versions prior to 1.2.43 a medium severity vulnerability CVE-2024-55603 was detected. This vulnerability allows attackers to use expired sessions as they remain valid due to improper verification of session lifetime in the database. To address this issue, users should upgrade Kanboard to version 1.2.43. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55603.

    Read more
    Project Management
    6 Dec 2024 Project and Agile Management
    Kanboard: HTML Injection Vulnerability

    In Kanboard version 1.2.40 a medium severity vulnerability CVE-2024-54001 was detected. This vulnerability allows attackers to inject malicious HTML or JavaScript into the application, potentially leading to unauthorized actions or data theft. To fix this issue, users should upgrade Kanboard to version 1.2.41. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-54001.

    Read more
    Project Management
    13 Nov 2024 Project and Agile Management
    Kanboard: Arbitrary PHP Code Execution Vulnerability

    In Kanboard versions before 1.2.41 a high severity vulnerability CVE-2024-51748 was detected. This vulnerability allows attackers to execute arbitrary PHP code on the server by exploiting a misconfigured file path in the sqlite.db settings. To fix this issue, users should upgrade Kanboard to version 1.2.42. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51748.

    Read more
    Project Management
    13 Nov 2024 Project and Agile Management
    Kanboard: Unrestricted File Access Vulnerability

    In Kanboard versions prior to 1.2.42 a critical severity vulnerability CVE-2024-51747 was detected. This vulnerability allows attackers to exploit misconfigured file paths in the database, enabling them to read or delete arbitrary files on the server. To fix this issue, users should upgrade Kanboard to version 1.2.42. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51747.

    Read more
    Project Management
    26 Jul 2024 Project and Agile Management
    OpenProject: Host Header Vulnerability

    In OpenProject versions before 14.3.0 a medium severity vulnerability CVE-2024-41801 was detected. This vulnerability allows attackers to redirect users with a fake HOST header, affecting default installations. Upgrade to version 14.3.0 to fix this by rejecting invalid hostnames. If upgrading isn’t possible, use mod_security for Apache, adjust Host and X-Forwarded-Host headers manually, or apply a patch for older versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41801.

    Read more
    Project Management
    26 Jul 2024 Project and Agile Management
    OpenProject: Update to Prevent Credential Theft Attack

    In OpenProject versions prior to 14.3.0 a medium severity vulnerability CVE-2024-41801 was detected. This vulnerability allows attackers to redirect users to fake sites to steal their credentials. To fix this problem, users should upgrade OpenProject to version 14.3.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41801.

    Read more
    Project Management
    11 Jun 2024 Project and Agile Management
    OpenProject: Misconfigured Tablesorter Enables Stored XSS Attacks in Cost Reports

    In OpenProject a high severity vulnerability CVE-2024-35224 was detected. A project admin could exploit a bug in the Cost Report feature to insert harmful code. Updating to version 13.4.2, 14.0.2, or 14.1.0 resolves this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35224/.

    Read more
    Project Management
    10 Jun 2024 Project and Agile Management
    Kanboard: Vulnerability Enables Attackers to Hijack Projects

    In Kanboard version 1.2.36 a high severity vulnerability CVE-2024-36399 was detected. This vulnerability allows attackers to take over any other project. To address this issue, users need to update to version 1.2.37. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36399/.

    Read more
    Project Management
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy