VYPR

project-management

by DevaslanPHP

CVEs (3)

  • CVE-2025-52203HigJul 31, 2025
    risk 0.49cvss 7.6epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into…

  • CVE-2026-10285MedJun 1, 2026
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper…

  • CVE-2026-10284MedJun 1, 2026
    risk 0.35cvss 5.4epss 0.00

    A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a…