Wekan Project: >> Wekan Security Vulnerabilities
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-02-10
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
CVSS Score
8.1
EPSS Score
0.004
Published
2021-01-26
Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. This attack appear to be exploitable via HTTP Request.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-06-26
Page 3