HTML Injection in Kanboard's Group Management Feature by Kanboard
CVE-2024-22720
4.8 MEDIUM
Summary
Kanboard version 1.2.34 contains an HTML injection vulnerability in its group management feature. This flaw allows an attacker to insert arbitrary HTML code, potentially leading to malicious scripts being executed within the user’s browser context. If exploited, it could compromise user data and lead to further security breaches, which underlines the need for timely security updates and user awareness.
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved