Wekan Project: >> Wekan >> 1.04.0 Security Vulnerabilities
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-22
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
CVSS Score
8.1
EPSS Score
0.004
Published
2021-01-26
Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. This attack appear to be exploitable via HTTP Request.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-06-26
Page 4