Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature.
References
| Link | Resource |
|---|---|
| https://github.com/wekan/wekan/blob/master/CHANGELOG.md | Release Notes |
| https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279 | Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-05-22T00:00:00
Updated: 2023-05-22T00:00:00
Reserved: 2023-04-29T00:00:00
Link: CVE-2023-31779
NVD Information
Status: Analyzed
Published: 2023-05-22T13:15:09.913
Modified: 2023-05-31T13:38:31.893
Link: CVE-2023-31779
Redhat Information
No data.
CWE