CVE-2023-31779
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/wekan/wekan/blob/master/CHANGELOG.md
- https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/wekan/wekan/blob/master/CHANGELOG.md
- https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.