Security Advisory

CVE-2024-54001

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-05 15:17:47
Last updated 2024-12-05 16:41:45
Assigner GitHub_M
State PUBLISHED

Description

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format allow arbitrary user input, which is reflected. The vulnerability can become XSS if the user input is JavaScript code that bypasses CSP. This vulnerability is fixed in 1.2.41.
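
A defensive pattern for the four fields named above, as an added PHP example (not Kanboard's code and not the 1.2.41 patch): accept only values from a fixed set of options when the settings are saved, and HTML-encode them again when they are rendered. The function names and the language, date and time allowlists are assumptions made for this example; the timezone list comes from PHP's own `DateTimeZone::listIdentifiers()`.

```php
<?php
declare(strict_types=1);

// Constructed allowlists (assumptions for this example; a real deployment
// would take them from the application's own language and format lists).
const ALLOWED_LANGUAGES    = ['en_US', 'fr_FR', 'de_DE'];
const ALLOWED_DATE_FORMATS = ['d/m/Y', 'm/d/Y', 'Y-m-d', 'd.m.Y'];
const ALLOWED_TIME_FORMATS = ['H:i', 'g:i a'];

/**
 * Hypothetical helper: returns [accepted settings, names of rejected fields].
 * Fields not listed here are ignored rather than passed through.
 */
function validateApplicationSettings(array $input): array
{
    $allowed = [
        'application_language'    => ALLOWED_LANGUAGES,
        'application_date_format' => ALLOWED_DATE_FORMATS,
        'application_time_format' => ALLOWED_TIME_FORMATS,
        'application_timezone'    => DateTimeZone::listIdentifiers(),
    ];
    $clean = [];
    $rejected = [];
    foreach ($allowed as $field => $values) {
        if (!array_key_exists($field, $input)) {
            continue;
        }
        $value = $input[$field];
        // Strict comparison: the value must be a string equal to a known option.
        if (is_string($value) && in_array($value, $values, true)) {
            $clean[$field] = $value;
        } else {
            $rejected[] = $field;
        }
    }
    return [$clean, $rejected];
}

// Second layer: encode on output even for values that passed validation.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission: one valid value, one carrying markup.
[$clean, $rejected] = validateApplicationSettings([
    'application_timezone' => 'Europe/Paris',
    'application_language' => '<b>injected</b>',
]);
echo 'accepted: ', escapeHtml(implode(', ', $clean)), PHP_EOL;
echo 'rejected: ', escapeHtml(implode(', ', $rejected)), PHP_EOL;
```

Validation on save stops markup from being stored at all; encoding on output covers values that were stored before the check existed.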