433 matches found
CVE-2023-28485
CVE-2023-28485 affects WeKan prior to 6.75, stemming from a Stored XSS in the file preview/attachment rename logic. The vulnerability allows remote authenticated users to inject arbitrary script or HTML by exploiting file attachment names, with the ability to rename within their board (BoardAdmin...
CVE-2023-28485
A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...
CVE-2023-28485
A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...
Wekan 6.74 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS vulnerability in rename functionality product: Wekan Open-Source kanban vulnerable version: =6.74 fixed version: 6.75 or higher CVE number: CVE-2023-28485...
Exploit for Cross-site Scripting in Wekan_Project Wekan
CVE-2023-31779 Stored XSS in Wekan Description: Stored...
CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...
Cross site scripting
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...
Wekan 跨站脚本漏洞
Wekan is a website builder from the Wekan team that provides the ability to make planning lists and plan time. A security vulnerability exists in Wekan version v6.84. An attacker exploiting the vulnerability can insert JavaScript code...
PT-2023-23458 · Wekan · Wekan
Name of the Vulnerable Software and Affected Versions: Wekan versions 6.84 and earlier Description: The issue allows an attacker with user privilege on a kanban board to insert JavaScript code in the "Reaction to comment" feature, leading to Cross Site Scripting XSS. Recommendations: For Wekan...
CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...
CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...
CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross‑Site Scripting (XSS) via the "Reaction to comment" feature. A user with board privileges can inject JavaScript in responses to comments, with the exploit scenario noting potential token theft (e.g., Meteor.loginToken) and page content changes for phi...
CVE-2023-31779
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...
Wekan Cross-Site Scripting Vulnerability
Wekan is a highly finished open source kanban tool. wekan suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in WEB applications. An attacker could exploit the vulnerability to execute malicious javascript code...
CVE-2021-20654
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...
CVE-2021-20654
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...
Cross site scripting
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...
CVE-2021-20654
Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...
CVE-2021-20654
Wekan (versions 3.12–4.11) is vulnerable to multiple stored cross-site scripting (Fieldbleed). Root cause cited as improper validation of client-side data leading to CWE-79. Impact: a logged-in user can store malicious input that executes JavaScript in other users’ browsers. Remediation: update t...
Wekan vulnerable to cross-site scripting
Overview Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Ryoya Koyama at Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...