CVE-2025-52560
- EPSS 0.05%
- Published 24.06.2025 02:56:26
- Last modified 13.01.2026 19:35:51
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is uns...
CVE-2025-46825
- EPSS 0.08%
- Published 12.05.2025 22:53:42
- Last modified 11.07.2025 14:41:27
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationControll...
CVE-2024-55603
- EPSS 0.6%
- Published 19.12.2024 00:15:06
- Last modified 12.03.2025 17:42:31
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has been exceeded. Kanboard implements a custom session handler (`app/Core/Session/SessionHandler.php`...
CVE-2024-54001
- EPSS 0.07%
- Published 05.12.2024 16:15:26
- Last modified 10.03.2025 17:33:24
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format, application_timezone and application_time_...
CVE-2024-51748
- EPSS 0.45%
- Published 11.11.2024 20:15:19
- Last modified 10.03.2025 17:47:47
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loade...
CVE-2024-51747
- EPSS 1.47%
- Published 11.11.2024 20:15:19
- Last modified 10.03.2025 17:50:49
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through ...
CVE-2024-36399
- EPSS 0.18%
- Published 06.06.2024 16:15:12
- Last modified 21.11.2024 09:22:06
Kanboard is project management software that focuses on the Kanban methodology. The vulnerability is in app/Controller/ProjectPermissionController.php function addUser(). The user's permission to add users to a project only gets checked on the URL parameter pro...
CVE-2024-22720
- EPSS 0.04%
- Published 24.01.2024 18:15:08
- Last modified 05.06.2025 16:15:26
Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature.
CVE-2023-36813
- EPSS 0.05%
- Published 05.07.2023 22:15:09
- Last modified 10.04.2025 20:47:18
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some in...
CVE-2023-33956
- EPSS 0.06%
- Published 05.06.2023 20:15:09
- Last modified 21.11.2024 08:06:17
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerabilit...