
CVE-2024-54001
- Reference to the description:
- Description:
- Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format allow arbitrary user input, which is reflected. The vulnerability can become XSS if the user input is JavaScript code that bypasses CSP. This vulnerability is fixed in 1.2.41.
- Last updated date:
- 03/10/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/10/2025
- Reference URL to background:
https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj