Lucene search
PRIOn knowledge basePRION:CVE-2023-32685HistoryMay 30, 2023 - 5:15 a.m.
Cross site scripting
2023-05-3005:15:00
PRIOn knowledge base
www.prio-n.com
2
cross site scripting
kanboard
kanban methodology
clipboard
html injection
dom
low-privileged attacker
document attachment
csp configuration
0.001 Low
EPSS
Percentile
35.4%
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.
Related
cvelist
cvelist
debiancve
debiancve
CVE-2023-32685
2023-05-30 05:15:11
nvd
nvd
CVE-2023-32685
2023-05-30 05:15:11
osv
osv
CVE-2023-32685
2023-05-30 05:15:11
nessus
nessus
freebsd
freebsd
cnvd
cnvd
Kanboard Cross-Site Scripting Vulnerability (CNVD-2023-43858)
2023-05-31 00:00:00
cve
cve
CVE-2023-32685
2023-05-30 05:15:11