VYPR

Openslides

by Intevation

CVEs (7)

  • CVE-2026-25519 (Feb 4, 2026)
    risk 0.00 | cvss | epss 0.00

    OpenSlides is a free, web-based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML…

  • CVE-2025-30343 (Mar 21, 2025)
    risk 0.00 | cvss | epss 0.00

    A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the…

  • CVE-2025-30344 (Mar 21, 2025)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100…

  • CVE-2025-30342 (Mar 21, 2025)
    risk 0.00 | cvss | epss 0.00

    An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element,…

  • CVE-2025-30345 (Mar 21, 2025)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded…

  • CVE-2024-22893 (Sep 25, 2024)
    risk 0.00 | cvss | epss 0.00

    OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.

  • CVE-2024-22892 (Sep 25, 2024)
    risk 0.00 | cvss | epss 0.00

    OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.