Lucene search
+L

433 matches found

CVE
CVE
added 2023/06/26 12:0 a.m.41 views

CVE-2023-28485

CVE-2023-28485 affects WeKan prior to 6.75, stemming from a Stored XSS in the file preview/attachment rename logic. The vulnerability allows remote authenticated users to inject arbitrary script or HTML by exploiting file attachment names, with the ability to rename within their board (BoardAdmin...

5.4CVSS4.9AI score0.00965EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/06/26 12:0 a.m.16 views

CVE-2023-28485

A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...

5.4CVSS5.2AI score0.00965EPSS
Exploits2References5
Cvelist
Cvelist
added 2023/06/26 12:0 a.m.48 views

CVE-2023-28485

A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...

5.1AI score0.00965EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2023/05/30 12:0 a.m.293 views

Wekan 6.74 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS vulnerability in rename functionality product: Wekan Open-Source kanban vulnerable version: =6.74 fixed version: 6.75 or higher CVE number: CVE-2023-28485...

7.1AI score0.00965EPSS
Exploits2
GithubExploit
GithubExploit
added 2023/05/23 7:58 a.m.9 views

Exploit for Cross-site Scripting in Wekan_Project Wekan

CVE-2023-31779 Stored XSS in Wekan Description: Stored...

5.4CVSS6.5AI score0.0056EPSS
Exploits1
NVD
NVD
added 2023/05/22 1:15 p.m.37 views

CVE-2023-31779

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...

5.4CVSS5.4AI score0.0056EPSS
Exploits1References2
Prion
Prion
added 2023/05/22 1:15 p.m.24 views

Cross site scripting

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...

4.9CVSS5.3AI score0.0056EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/05/22 12:0 a.m.5 views

Wekan 跨站脚本漏洞

Wekan is a website builder from the Wekan team that provides the ability to make planning lists and plan time. A security vulnerability exists in Wekan version v6.84. An attacker exploiting the vulnerability can insert JavaScript code...

5.4CVSS5.8AI score0.0056EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.7 views

PT-2023-23458 · Wekan · Wekan

Name of the Vulnerable Software and Affected Versions: Wekan versions 6.84 and earlier Description: The issue allows an attacker with user privilege on a kanban board to insert JavaScript code in the "Reaction to comment" feature, leading to Cross Site Scripting XSS. Recommendations: For Wekan...

5.4CVSS5.3AI score0.0056EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/05/22 12:0 a.m.11 views

CVE-2023-31779

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...

5.4AI score0.0056EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/22 12:0 a.m.36 views

CVE-2023-31779

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...

5.6AI score0.0056EPSS
Exploits1References2
CVE
CVE
added 2023/05/22 12:0 a.m.60 views

CVE-2023-31779

Wekan v6.84 and earlier is vulnerable to Cross‑Site Scripting (XSS) via the "Reaction to comment" feature. A user with board privileges can inject JavaScript in responses to comments, with the exploit scenario noting potential token theft (e.g., Meteor.loginToken) and page content changes for phi...

5.4CVSS5.4AI score0.0056EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/05/22 12:0 a.m.11 views

CVE-2023-31779

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...

5.4CVSS6.7AI score0.0056EPSS
Exploits1References4
CNVD
CNVD
added 2022/01/07 12:0 a.m.31 views

Wekan Cross-Site Scripting Vulnerability

Wekan is a highly finished open source kanban tool. wekan suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in WEB applications. An attacker could exploit the vulnerability to execute malicious javascript code...

3.5CVSS2.3AI score0.00751EPSS
Exploits1Affected Software1
NVD
NVD
added 2021/02/10 9:15 a.m.22 views

CVE-2021-20654

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...

5.4CVSS0.00751EPSS
Exploits1References2
OSV
OSV
added 2021/02/10 9:15 a.m.12 views

CVE-2021-20654

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...

5.4CVSS6.2AI score
Exploits0References2
Prion
Prion
added 2021/02/10 9:15 a.m.15 views

Cross site scripting

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...

3.5CVSS5.2AI score0.00751EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/02/10 8:50 a.m.29 views

CVE-2021-20654

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site...

5.4AI score0.00751EPSS
Exploits1References2
CVE
CVE
added 2021/02/10 8:50 a.m.52 views

CVE-2021-20654

Wekan (versions 3.12–4.11) is vulnerable to multiple stored cross-site scripting (Fieldbleed). Root cause cited as improper validation of client-side data leading to CWE-79. Impact: a logged-in user can store malicious input that executes JavaScript in other users’ browsers. Remediation: update t...

5.4CVSS5.1AI score0.00751EPSS
Exploits1References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/10 5:1 a.m.6 views

Wekan vulnerable to cross-site scripting

Overview Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Ryoya Koyama at Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

5.4CVSS6AI score0.00751EPSS
Exploits1References5
Rows per page
Query Builder