Cross Site Scripting Vulnerability in Wekan by WeKan
CVE-2023-31779

5.4MEDIUM

Key Information:

Vendor: Wekan Project
Status: Wekan
Vendor: CVE Published:; 22 May 2023

🔔 Create Wekan Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-31779?

Wekan, an open-source kanban board application, is susceptible to a Cross Site Scripting (XSS) vulnerability in versions 6.84 and earlier. This flaw allows an attacker with user privileges to insert malicious JavaScript code into the 'Reaction to comment' feature. Exploiting this vulnerability can compromise user sessions and lead to unauthorized actions within the application. It is crucial for users to update to the latest version to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-31779
Created by jet-pentest

References

https://github.com/wekan/wekan/blob/master/CHANGELOG.md

https://github.com/wekan/wekan/commit/47ac33d6c234359c31d...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 23, 2023
👾
Exploit known to exist
May 23, 2023
Vulnerability published
May 22, 2023
Vulnerability Reserved
Apr 29, 2023

JSON