CVE-2024-22720 / HTML Injection Vulnerability in Kanboard Group Management #5411
Labels
Comments
carnil
changed the title
|
Unfortunately, this issue has never been reported to the project, and it appears that anyone can fill out a CVE without any verification whatsoever, not even notifying the software author. Here is the fix #5412. |
5 tasks
|
Fix available in Kanboard 1.2.35 |
|
@fguillot thanks a lot for the quick action on this. Yes I do agree, it the most ideal case people discovering issues do responsible handle this with the respective upstream, requesting CVEs is fine if they are valid, but here the most important bit to actually make upstream aware of an issue seems to have gone missing. (note I'm just the messenger from a downstream distribution including kanboard). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[Since the post is already public for a while I'm filling this as public report]
There was recently the following blogpost for CVE-2024-22720 a HTML injection in kanboard's group managment.
https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b
Was this issue reported to you upstream? If not, can you have a look at the
report for an analysis?
The text was updated successfully, but these errors were encountered: