CVE-2023-33969
Last modified
CVE-2023-33969 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kanboard | Kanboard | < 1.2.30 |
References
- https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9Exploit, Third Party Advisory
- https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-33969?
How severe is CVE-2023-33969?
How do I fix CVE-2023-33969?
Are you affected by CVE-2023-33969?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST