cvedb.io
CVE-2023-32685
MEDIUM · CVSS 4.4
EPSS exploitation probability: 0%
Published 2023-05-30T05:15:11.770 · Last modified 2026-06-17T05:59:23.230

Summary

Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.

Affected products

kanboard — kanboard

Does this affect you?

Add your gear to cvedb and we'll alert you only when kanboard ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.