← Back to CVE List

CVE-2023-32685

Published: 2023-05-30T05:15Z
Last Modified: 2024-11-21T08:03Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt