DEBIAN-CVE-2023-32685

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-32685

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-32685.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-32685

Upstream

CVE-2023-32685

Published

2023-05-30T05:15:11Z

Modified

2025-09-30T05:17:44.054423Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.

References

https://security-tracker.debian.org/tracker/CVE-2023-32685

Affected packages

Debian:14 / kanboard

Package

Name: kanboard
Purl: pkg:deb/debian/kanboard?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26+ds-3

Affected versions

1.*

1.2.22+ds-1

1.2.23+ds-1

1.2.23+ds-1.1

1.2.25+ds-1

1.2.25+ds-2

1.2.25+ds-3

1.2.26+ds-1

1.2.26+ds-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}