CVE-2023-28485

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-28485
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28485.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28485
Published
2023-06-26T16:15:09.537Z
Modified
2025-11-20T12:17:00.881176Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.

References

Affected packages

Git / github.com/wekan/wekan

Affected ranges

Type
GIT
Repo
https://github.com/wekan/wekan
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
aa0e1955b0ab3c0c62b3ccb3c9e1fd24b83debe9

Affected versions

2.*
2.52
4.*
4.30
4.31
Other
stable
v0.*
v0.10-rc2
v0.10.0
v0.10.0-rc1
v0.10.0-rc3
v0.10.0-rc4
v0.10.1
v0.11.0-rc1
v0.11.0-rc2
v0.11.1-rc1
v0.11.1-rc2
v0.12
v0.13
v0.16
v0.17
v0.18
v0.19
v0.20
v0.21
v0.22
v0.23
v0.24
v0.25
v0.26
v0.27
v0.28
v0.29
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.36
v0.37
v0.38
v0.39
v0.40
v0.41
v0.42
v0.43
v0.44
v0.45
v0.46
v0.47
v0.48
v0.49
v0.50
v0.51
v0.52
v0.53
v0.54
v0.55
v0.56
v0.57
v0.58
v0.59
v0.60
v0.61
v0.62
v0.63
v0.64
v0.65
v0.66
v0.67
v0.68
v0.69
v0.70
v0.71
v0.72
v0.73
v0.74
v0.75
v0.76
v0.77
v0.78
v0.79
v0.80
v0.81
v0.82
v0.83
v0.84
v0.85
v0.86
v0.87
v0.88
v0.89
v0.9
v0.9.0-rc1
v0.9.0-rc2
v0.90
v0.91
v0.92
v0.93
v0.94
v0.95
v0.96
v0.97
v0.98
v0.99
v1.*
v1.00
v1.01
v1.02
v1.03
v1.04
v1.05
v1.06
v1.07
v1.08
v1.09
v1.10
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.17
v1.18
v1.19
v1.20
v1.21
v1.23
v1.24
v1.25
v1.26
v1.27
v1.29
v1.30
v1.31
v1.32
v1.33
v1.34
v1.35
v1.36
v1.37
v1.38
v1.39
v1.40
v1.41
v1.42
v1.43
v1.44
v1.45
v1.46
v1.47
v1.48
v1.49
v1.49-edge-1
v1.49.1
v1.50
v1.50.1
v1.50.2
v1.50.3
v1.51
v1.51.1
v1.51.2
v1.52
v1.52.1
v1.53
v1.53.1
v1.53.2
v1.53.3
v1.53.4
v1.53.5
v1.53.6
v1.53.7
v1.53.8
v1.53.9
v1.54
v1.55
v1.55.1
v1.57
v1.58
v1.59
v1.60
v1.61
v1.62
v1.63
v1.64
v1.64.1
v1.64.2
v1.65
v1.66
v1.67
v1.68
v1.69
v1.69.2
v1.70
v1.71
v1.72
v1.73
v1.74
v1.74.1
v1.75
v1.76
v1.77
v1.78
v1.79
v1.80
v1.81
v1.82
v1.83
v1.84
v1.85
v1.86
v1.87
v1.88
v1.89
v1.90
v1.91
v1.92
v1.93
v1.94
v1.95
v1.96
v1.97
v1.98
v1.99
v2.*
v2.00
v2.01
v2.02
v2.03
v2.04
v2.05
v2.06
v2.07
v2.08
v2.09
v2.10
v2.11
v2.12
v2.13
v2.14
v2.15
v2.16
v2.17
v2.18
v2.19
v2.20
v2.21
v2.22
v2.23
v2.24
v2.25
v2.26
v2.27
v2.28
v2.29
v2.30
v2.31
v2.32
v2.33
v2.34
v2.35
v2.36
v2.37
v2.38
v2.39
v2.40
v2.41
v2.42
v2.43
v2.44
v2.45
v2.46
v2.47
v2.48
v2.49
v2.50
v2.51
v2.52
v2.53
v2.54
v2.55
v2.55.1
v2.56
v2.56.1
v2.57
v2.58
v2.59
v2.60
v2.60.1
v2.61
v2.62
v2.63
v2.64
v2.65
v2.66
v2.67
v2.68
v2.69
v2.70
v2.71
v2.72
v2.73
v2.74
v2.75
v2.76
v2.77
v2.78
v2.79
v2.80
v2.81
v2.82
v2.83
v2.84
v2.85
v2.86
v2.87
v2.88
v2.89
v2.90
v2.91
v2.92
v2.94
v2.98
v2.99
v3.*
v3.00
v3.01
v3.02
v3.03
v3.04
v3.05
v3.06
v3.07
v3.08
v3.09
v3.10
v3.11
v3.12
v3.13
v3.14
v3.15
v3.16
v3.17
v3.18
v3.19
v3.20
v3.21
v3.22
v3.23
v3.24
v3.25
v3.26
v3.27
v3.29
v3.30
v3.31
v3.32
v3.33
v3.34
v3.35
v3.36
v3.37
v3.38
v3.39
v3.40
v3.41
v3.42
v3.43
v3.44
v3.45
v3.46
v3.47
v3.48
v3.49
v3.50
v3.51
v3.52
v3.53
v3.54
v3.55
v3.56
v3.57
v3.58
v3.59
v3.60
v3.61
v3.62
v3.63
v3.64
v3.65
v3.66
v3.67
v3.68
v3.69
v3.70
v3.71
v3.73
v3.74
v3.75
v3.76
v3.77
v3.78
v3.79
v3.80
v3.81
v3.82
v3.83
v3.84
v3.85
v3.86
v3.87
v3.88
v3.89
v3.90
v3.91
v3.92
v3.93
v3.94
v3.95
v3.96
v3.97
v3.98
v3.99
v4.*
v4.00
v4.01
v4.02
v4.03
v4.04
v4.05
v4.06
v4.07
v4.08
v4.09
v4.10
v4.11
v4.12
v4.13
v4.14
v4.15
v4.16
v4.17
v4.18
v4.19
v4.20
v4.21
v4.22
v4.23
v4.24
v4.25
v4.26
v4.27
v4.28
v4.29
v4.32
v4.33
v4.34
v4.35
v4.36
v4.37
v4.38
v4.39
v4.40
v4.41
v4.42
v4.43
v4.44
v4.45
v4.46
v4.47
v4.48
v4.49
v4.50
v4.51
v4.52
v4.53
v4.54
v4.55
v4.56
v4.57
v4.58
v4.59
v4.60
v4.61
v4.62
v4.63
v4.64
v4.65
v4.66
v4.67
v4.68
v4.69
v4.70
v4.71
v4.72
v4.73
v4.74
v4.75
v4.76
v4.77
v4.78
v4.79
v4.80
v4.81
v4.82
v4.83
v4.84
v4.85
v4.86
v4.87
v4.88
v4.89
v4.90
v4.91
v4.92
v4.93
v4.94
v4.95
v4.96
v4.98
v4.99
v5.*
v5.00
v5.01
v5.02
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.09
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.17
v5.18
v5.19
v5.20
v5.21
v5.22
v5.23
v5.24
v5.25
v5.26
v5.27
v5.28
v5.29
v5.30
v5.31
v5.32
v5.33
v5.34
v5.35
v5.36
v5.37
v5.38
v5.39
v5.40
v5.41
v5.42
v5.43
v5.44
v5.45
v5.46
v5.47
v5.48
v5.49
v5.50
v5.51
v5.52
v5.53
v5.54
v5.55
v5.56
v5.57
v5.58
v5.59
v5.60
v5.61
v5.62
v5.63
v5.64
v5.65
v5.66
v5.67
v5.68
v5.69
v5.70
v5.71
v5.72
v5.73
v5.74
v5.75
v5.76
v5.77
v5.78
v5.79
v5.80
v5.81
v5.82
v5.83
v5.84
v5.85
v5.86
v5.87
v5.88
v5.89
v5.90
v5.91
v5.92
v5.93
v5.94
v5.95
v5.96
v5.97
v5.98
v5.99
v6.*
v6.00
v6.01
v6.02
v6.03
v6.04
v6.05
v6.06
v6.07
v6.08
v6.09
v6.10
v6.11
v6.12
v6.13
v6.14
v6.15
v6.16
v6.17
v6.18
v6.19
v6.20
v6.21
v6.22
v6.23
v6.24
v6.25
v6.26
v6.27
v6.28
v6.29
v6.30
v6.31
v6.32
v6.33
v6.34
v6.35
v6.36
v6.37
v6.38
v6.39
v6.40
v6.41
v6.42
v6.43
v6.44
v6.45
v6.46
v6.47
v6.48
v6.49
v6.50
v6.51
v6.52
v6.53
v6.54
v6.55
v6.56
v6.57
v6.58
v6.59
v6.60
v6.61
v6.62
v6.63
v6.64
v6.65
v6.67
v6.68
v6.69
v6.70
v6.71
v6.72
v6.73
v6.74

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28485.json"