carnil changed the title from "CVE-2024–22720 / HTML Injection Vulnerability in Kanboard Group Management" to "CVE-2024-22720 / HTML Injection Vulnerability in Kanboard Group Management" on Feb 2, 2024
Unfortunately, this issue has never been reported to the project, and it appears that anyone can fill out a CVE without any verification whatsoever, not even notifying the software author.
@fguillot thanks a lot for the quick action on this. Yes I do agree, in the most ideal case people discovering issues do responsibly handle this with the respective upstream, requesting CVEs is fine if they are valid, but here the most important bit to actually make upstream aware of an issue seems to have gone missing. (Note I'm just the messenger from a downstream distribution including kanboard).
[Since the post has already been public for a while I'm filing this as a public report]
There was recently the following blog post for CVE-2024-22720, an HTML injection in kanboard's group management.
https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b
Was this issue reported to you upstream? If not, can you have a look at the
report for an analysis?