Worklenz
by Worklenz
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25947 | 0.00 | — | 0.00 | Feb 10, 2026 | Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and… | |||
| CVE-2025-70368 | 0.00 | — | 0.00 | Jan 26, 2026 | Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript… |
- CVE-2026-25947Feb 10, 2026risk 0.00cvss —epss 0.00
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and…
- CVE-2025-70368Jan 26, 2026risk 0.00cvss —epss 0.00
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript…