Description

Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue.

INFO

Published Date :

2025-05-12T22:53:42.294Z

Last Modified :

2025-05-13T14:11:07.793Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46825 vulnerability.

Vendors Products
Kanboard
  • Kanboard
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46825.

URL Resource
https://github.com/kanboard/kanboard/blame/v1.2.44/app/Template/project_view/importTasks.php#L11 cve-icon cve-icon
https://github.com/kanboard/kanboard/commit/6ebf22eeaae9f8b4abab72e3c18e45a2c4a2a808 cve-icon cve-icon
https://github.com/kanboard/kanboard/commit/ac94004ea9fc455dcc5edc8a242d67d1ccd85564 cve-icon cve-icon
https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact