3 matches found
CVE-2025-46825 Kanboard has stored Cross-site Scripting vulnerability in project name
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Localize: XSS in main page (invitation)
If a project name is saved with a XSS string such as: ā!-- and a translator visits and requests and invite, it'll result in the xss executing in the main page, due to the fact that it shows your requests. Screen: http://prntscr.com/3awwuv...