CVE-2024-54001

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-54001

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54001.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-54001

Aliases

GHSA-4vvp-jf72-chrj

Published

2024-12-05T16:15:26Z

Modified

2025-03-11T03:00:07.842987Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields applicationlanguage, applicationdateformat,applicationtimezone and applicationtimeformat allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41.

References

Affected packages

Debian:12 / kanboard

Package

Name: kanboard
Purl: pkg:deb/debian/kanboard?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.26+ds-2

1.2.26+ds-2+deb12u1

1.2.26+ds-2+deb12u2

1.2.26+ds-3

1.2.26+ds-4

1.2.30+ds-1

1.2.31+ds-1

1.2.31+ds2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kanboard/kanboard

Affected ranges

Type: GIT
Repo: https://github.com/kanboard/kanboard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2211b31e101c9ea5d80cccbc3331df44e31c1a38

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.19

v1.0.2

v1.0.20

v1.0.21

v1.0.22

v1.0.23

v1.0.24

v1.0.25

v1.0.26

v1.0.27

v1.0.28

v1.0.29

v1.0.3

v1.0.30

v1.0.31

v1.0.32

v1.0.33

v1.0.34

v1.0.35

v1.0.36

v1.0.37

v1.0.38

v1.0.39

v1.0.4

v1.0.40

v1.0.41

v1.0.42

v1.0.43

v1.0.44

v1.0.45

v1.0.46

v1.0.47

v1.0.48

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.2

v1.2.20

v1.2.21

v1.2.22

v1.2.23

v1.2.24

v1.2.25

v1.2.26

v1.2.27

v1.2.28

v1.2.29

v1.2.3

v1.2.30

v1.2.31

v1.2.32

v1.2.33

v1.2.34

v1.2.35

v1.2.36

v1.2.37

v1.2.38

v1.2.39

v1.2.4

v1.2.40

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9