Cross-Site Scripting in Kanboard by Kanboard Inc.
CVE-2019-7324
6.1MEDIUM
Summary
In Kanboard versions prior to 1.2.8, a vulnerability exists in the app/Core/Paginator.php file that allows for Cross-Site Scripting (XSS) attacks via pagination sorting. This security flaw can be exploited by an attacker to inject malicious scripts, potentially affecting users who interact with the pagination features. It is crucial for users of affected Kanboard versions to apply the latest security updates to mitigate this risk.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved