Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format accept arbitrary user input, which is then reflected back into the page. The vulnerability can become XSS if the user input is JavaScript code that bypasses the CSP. This vulnerability is fixed in 1.2.41.
History

Thu, 05 Dec 2024 17:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Kanboard; Kanboard kanboard
CPEs | | cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*
Vendors & Products | | Kanboard; Kanboard kanboard
Metrics | | ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Dec 2024 15:30:00 +0000

Type | Values Removed | Values Added
Description | | Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format accept arbitrary user input, which is then reflected back into the page. The vulnerability can become XSS if the user input is JavaScript code that bypasses the CSP. This vulnerability is fixed in 1.2.41.
Title | | Kanboard allows a persistent HTML injection site scripting in settings page date format
Weaknesses | | CWE-80
References | |
Metrics | | cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-05T15:17:47.891Z

Updated: 2024-12-05T16:41:45.720Z

Reserved: 2024-11-25T23:14:36.384Z

Link: CVE-2024-54001

Vulnrichment

Updated: 2024-12-05T16:41:14.048Z

NVD

Status: Received

Published: 2024-12-05T16:15:26.650

Modified: 2024-12-05T16:15:26.650

Link: CVE-2024-54001

Redhat

No data.