VYPR

Kanboard

by Kanboard

CVEs (49)

  • CVE-2024-22720 (Jan 24, 2024)
    risk 0.00 cvss epss 0.00

    Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature.

  • CVE-2023-36813 (Jul 5, 2023)
    risk 0.00 cvss epss 0.01

    Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations,…

  • CVE-2023-33969 (Jun 5, 2023)
    risk 0.00 cvss epss 0.01

    Kanboard is open source project management software that focuses on the Kanban methodology. A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript, and any user who views the task containing the malicious code will be exposed to the XSS attack.…

  • CVE-2023-33970 (Jun 5, 2023)
    risk 0.00 cvss epss 0.01

    Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a user with the lowest privileges to leak all the task and project titles within the software, even if they…

  • CVE-2023-33968 (Jun 5, 2023)
    risk 0.00 cvss epss 0.00

    Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even…

  • CVE-2023-33956 (Jun 5, 2023)
    risk 0.00 cvss epss 0.01

    Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read…

  • CVE-2023-32685 (May 30, 2023)
    risk 0.00 cvss epss 0.01

    Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission…

  • CVE-2019-7324 (Feb 4, 2019)
    risk 0.00 cvss epss 0.01

    app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.

  • CVE-2014-3920 (Jul 3, 2014)
    risk 0.00 cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.

Page 3 of 3