CVE-2024-22720

Severity Score

4.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature.

Kanboard 1.2.34 es vulnerable a la inyección HTML en la función de administración de grupos.

*Credits: N/A

CVSS Scores

NISTv3.1 4.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-11 CVE Reserved
2024-01-24 CVE Published
2024-01-31 EPSS Updated
2024-11-13 CVE Updated
2024-11-13 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b	2024-11-13

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kanboard Search vendor "Kanboard"		Kanboard Search vendor "Kanboard" for product "Kanboard"				1.2.34 Search vendor "Kanboard" for product "Kanboard" and version "1.2.34"		-		Affected