RSS   Vulnerabilities for 'Kanboard'   RSS

2019-02-04
 
CVE-2019-7324

CWE-79
 

 
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.

 
2017-10-10
 
CVE-2017-15212

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.

 
 
CVE-2017-15211

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.

 
 
CVE-2017-15210

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.

 
 
CVE-2017-15209

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

 
 
CVE-2017-15208

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.

 
 
CVE-2017-15207

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.

 
 
CVE-2017-15206

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.

 
 
CVE-2017-15205

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.

 
 
CVE-2017-15204

 

 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.

 


Copyright 2019, cxsecurity.com

 

Back to Top