Shodan
Vulnerabilities
Vulnerable Software
Kanboard:  >> Kanboard  >> 1.0.35  Security Vulnerabilities
CVE-2023-32685
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.
CVSS Score
4.4
EPSS Score
0.007
Published
2023-05-30
CVE-2019-7324
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04
CVE-2017-15208
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15209
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15210
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
CVSS Score
4.3
EPSS Score
0.003
Published
2017-10-11
CVE-2017-15211
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15212
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
CVSS Score
4.3
EPSS Score
0.003
Published
2017-10-11
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15196
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15197
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved