Kanboard Vulnerability Could Lead to XSS Attacks
CVE-2024-54001

5.5MEDIUM

Key Information:

Vendor: Kanboard
Status: Kanboard
Vendor: CVE Published:; 5 December 2024

Summary

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41.

Affected Version(s)

kanboard < 1.2.41

References

https://github.com/kanboard/kanboard/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 25, 2024