CVE-2024-54001 | Kanboard up to 1.2.40 Setting cross site scripting (GHSA-4vvp-jf72-chrj)

Posted by Angelo Barbosa | Dec 5, 2024 | CVE

A vulnerability classified as problematic has been found in Kanboard up to 1.2.40. Affected is an unknown function of the component Setting Handler. The manipulation of the argument application_language/application_date_format/application_timezone/application_time_format leads to basic cross site scripting.

This vulnerability is traded as CVE-2024-54001. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-54001 | Kanboard up to 1.2.40 Setting cross site scripting (GHSA-4vvp-jf72-chrj)

Related Posts

CVE-2024-5275 | Fortra FileCatalyst Direct/FileCatalyst Workflow hard-coded password

CVE-2024-6333 | Xerox WorkCentre EC7856 input validation

CVE-2024-1001 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi main stack-based overflow

CVE-2021-47006 | Linux Kernel up to 5.12.4 ARM overflow_handler Privilege Escalation