
7 matches found

OSV
added 2026/02/17 6:9 p.m. | 2 views

GO-2026-4480 Vikunja Vulnerable to XSS Via Task Preview in code.vikunja.io/api

Vikunja Vulnerable to XSS Via Task Preview in code.vikunja.io/api...

8.6 CVSS | 5.4 AI score | 0.00014 EPSS
Exploits: 0 | References: 5

OSV
added 2026/02/11 8:47 p.m. | 1 views

CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHTML to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

8.6 CVSS | 5.5 AI score | 0.00014 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/11 8:47 p.m. | 1 views

CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHTML to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

8.6 CVSS | 5.5 AI score | 0.00014 EPSS
Exploits: 0 | References: 4

CVE
added 2026/02/11 8:47 p.m. | 10 views

CVE-2026-25935

Technical details for CVE-2026-25935 (Vikunja XSS prior to 1.1.0) are not provided in the supplied documents. Monitor for updates and refer to the fixed version 1.1.0 for remediation context.

8.6 CVSS | 5.5 AI score | 0.00014 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/02/11 8:47 p.m. | 17 views

CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHTML to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

8.6 CVSS | 0.00014 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2026/02/11 6:39 p.m. | 3 views

Vikunja Vulnerable to XSS Via Task Preview

Summary: The task preview component creates an unparented div. The div's innerHTML is set to the unescaped description of the task. Details: In the TaskGlanceTooltip.vue it temporarily creates a div and sets the innerHTML to the description here. Since there is no escaping on either the server or...

8.6 CVSS | 5.5 AI score | 0.00014 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

GitLab Advisory Database
added 2026/02/11 12:0 a.m. | 4 views

Vikunja Vulnerable to XSS Via Task Preview

The task preview component creates an unparented div. The div's innerHTML is set to the unescaped description of the task...

8.6 CVSS | 5.5 AI score | 0.00014 EPSS
Exploits: 0 | References: 6 | Affected Software: 1