VYPR
Unrated severityNVD Advisory· Published Jun 5, 2023· Updated Jan 8, 2025

Stored Cross site scripting in the Task External Link Functionality in Kanboard

CVE-2023-33969

Description

Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Kanboard/Kanboardllm-fuzzy2 versions
    <1.2.30+ 1 more
    • (no CPE)range: <1.2.30
    • (no CPE)range: < 1.2.30

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.