CVE-2021-20654

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20654

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20654.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20654

Published

2021-02-10T09:15:12.887Z

Modified

2026-03-14T10:41:02.576084Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.

References

Affected packages

Git / github.com/wekan/wekan

Affected ranges

Type

GIT

Repo

https://github.com/wekan/wekan

Events

Introduced

46cd1aced9e96494765073bae4073491f0c2f318

Last affected

a7d12ddcaaf01846e7334233bdb9deb08d42f242

Database specific

{
    "versions": [
        {
            "introduced": "3.12"
        },
        {
            "last_affected": "4.11"
        }
    ]
}

Affected versions

v3.*

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.21

v3.22

v3.23

v3.24

v3.25

v3.26

v3.27

v3.29

v3.30

v3.31

v3.32

v3.33

v3.34

v3.35

v3.36

v3.37

v3.38

v3.39

v3.40

v3.41

v3.42

v3.43

v3.44

v3.45

v3.46

v3.47

v3.48

v3.49

v3.50

v3.51

v3.52

v3.53

v3.54

v3.55

v3.56

v3.57

v3.58

v3.59

v3.60

v3.61

v3.62

v3.63

v3.64

v3.65

v3.66

v3.67

v3.68

v3.69

v3.70

v3.71

v3.73

v3.74

v3.75

v3.76

v3.77

v3.78

v3.79

v3.80

v3.81

v3.82

v3.83

v3.84

v3.85

v3.86

v3.87

v3.88

v3.89

v3.90

v3.91

v3.92

v3.93

v3.94

v3.95

v3.96

v3.97

v3.98

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.08

v4.09

v4.10

v4.11

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20654.json"