CVE-2023-33969 MEDIUM

CVE-2023-33969: Stored Cross site scripting in the Task External Link Functionality in Kanboard

Vendor Kanboard
Product kanboard
Weakness CWE-79 · XSS
Published June 5, 2023
Last update January 8, 2025

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Kanboard is open source project management software that focuses on the Kanban methodology. A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript; any user who views the task containing the malicious code is exposed to the XSS attack. Note: the default CSP header configuration blocks this JavaScript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header configuration.

Key dates

02 Disclosure timeline

June 5, 2023 CVE published
January 8, 2025 Record updated