Описание
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.
Ссылки
- Release Notes
- Patch
- Release Notes
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 6.84 (включая)
cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00196
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 2 лет назад
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.
EPSS
Процентиль: 42%
0.00196
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79