Kanboard
CVE-2024-54001
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41.
AnalysisAI
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-80. Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41. Affected products include: Kanboard.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Kanboard project management (through 1.2.48) has an authentication bypass when REVERSE_PROXY_AUTH is enabled. The applic
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 8.8), this vul
Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation rest
Kanboard prior to version 1.2.46 contains a host header injection vulnerability that allows unauthenticated attackers to
Broken object-level authorization in Kanboard through 1.2.52 lets any authenticated user who belongs to at least one pro
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul
Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vul
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentic
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this v
Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS
Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.3), this v
Same weakness CWE-80 – Basic XSS
View allShare
External POC / Exploit Code
Leaving vuln.today