Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format allow arbitrary user input, which is reflected. The vulnerability can become XSS if the user input is JavaScript code that bypasses CSP. This vulnerability is fixed in 1.2.41.
History
Thu, 05 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Kanboard, Kanboard kanboard | |
CPEs | cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:* | |
Vendors & Products | Kanboard, Kanboard kanboard | |
Metrics | ssvc | |
Thu, 05 Dec 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format allow arbitrary user input, which is reflected. The vulnerability can become XSS if the user input is JavaScript code that bypasses CSP. This vulnerability is fixed in 1.2.41. | |
Title | Kanboard allows a persistent HTML injection site scripting in settings page date format | |
Weaknesses | CWE-80 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-05T15:17:47.891Z
Updated: 2024-12-05T16:41:45.720Z
Reserved: 2024-11-25T23:14:36.384Z
Link: CVE-2024-54001
Vulnrichment
Updated: 2024-12-05T16:41:14.048Z
NVD
Status: Received
Published: 2024-12-05T16:15:26.650
Modified: 2024-12-05T16:15:26.650
Link: CVE-2024-54001
Redhat
No data.