{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T18:23:53.245","vulnerabilities":[{"cve":{"id":"CVE-2026-30235","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T17:16:57.470","lastModified":"2026-03-13T19:22:16.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM clobbering. DOM clobbering can crash or blank the entire page by overwriting native DOM functions with HTML elements, causing critical JavaScript calls to throw runtime errors during application initialization and halt further execution. This vulnerability is fixed in 17.2.0."},{"lang":"es","value":"OpenProject es un software de gestión de proyectos de código abierto y basado en la web. Antes de la versión 17.2.0, esta vulnerabilidad ocurre debido a una validación incorrecta del renderizado de Markdown de OpenProject, específicamente en el manejo de hipervínculos. Esto permite a un atacante inyectar cargas útiles de hipervínculos maliciosos que realizan DOM clobbering. El DOM clobbering puede bloquear o dejar en blanco la página completa al sobrescribir funciones DOM nativas con elementos HTML, causando que llamadas críticas de JavaScript arrojen errores en tiempo de ejecución durante la inicialización de la aplicación y detengan la ejecución posterior. Esta vulnerabilidad está corregida en la versión 17.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:*","versionEndExcluding":"17.2.0","matchCriteriaId":"4FB19C4D-0273-43F6-9AF6-3D30795D43BB"}]}]}],"references":[{"url":"https://github.com/opf/openproject/security/advisories/GHSA-9rv2-9xv5-gpq8","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}