Unrated severityNVD Advisory· Published Jun 5, 2023· Updated Jan 8, 2025
Stored Cross site scripting in the Task External Link Functionality in Kanboard
CVE-2023-33969
Description
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3cmitrex_refsource_MISC
- github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.