CVE-2024-54001

Kanboard allows a persistent HTML injection site scripting in settings page date format

Description

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41.

INFO

Published Date :

2024-12-05T15:17:47.891Z

Last Modified :

2024-12-05T16:41:45.720Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-54001 vulnerability.

Vendors	Products
Kanboard	Kanboard

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-54001.

URL	Resource
https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact