Kanboard: >> Kanboard >> 1.2.0 Security Vulnerabilities
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.
CVSS Score
4.4
EPSS Score
0.007
Published
2023-05-30
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-04
Page 3