Kanboard
by Kanboard
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22720 | | | 0.00 | — | 0.00 | | Jan 24, 2024 | Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature. |
| CVE-2023-36813 | | | 0.00 | — | 0.01 | | Jul 5, 2023 | Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations,… |
| CVE-2023-33969 | | | 0.00 | — | 0.01 | | Jun 5, 2023 | Kanboard is open source project management software that focuses on the Kanban methodology. A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript, and any user who views the task containing the malicious code will be exposed to the XSS attack.… |
| CVE-2023-33970 | | | 0.00 | — | 0.01 | | Jun 5, 2023 | Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a user with the lowest privileges to leak all the task and project titles within the software, even if they… |
| CVE-2023-33968 | | | 0.00 | — | 0.00 | | Jun 5, 2023 | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even… |
| CVE-2023-33956 | | | 0.00 | — | 0.01 | | Jun 5, 2023 | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read… |
| CVE-2023-32685 | | | 0.00 | — | 0.01 | | May 30, 2023 | Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission… |
| CVE-2019-7324 | | | 0.00 | — | 0.01 | | Feb 4, 2019 | app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting. |
| CVE-2014-3920 | | | 0.00 | — | 0.01 | | Jul 3, 2014 | Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI. |