National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:kanboard:kanboard:1.0.31
There are 21 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-7324

app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.

Published: February 04, 2019; 02:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-15212

In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.

Published: October 10, 2017; 09:32:55 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15211

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.

Published: October 10, 2017; 09:32:55 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15210

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.

Published: October 10, 2017; 09:32:55 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15209

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.

Published: October 10, 2017; 09:32:55 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15208

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.

Published: October 10, 2017; 09:32:55 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15207

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15206

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15205

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15204

In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15203

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15202

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15201

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15200

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15199

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15198

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15197

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15196

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15195

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

Published: October 10, 2017; 09:32:54 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-12851

An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.

Published: August 14, 2017; 04:29:00 PM -04:00
V3: 8.8 HIGH
V2: 4.0 MEDIUM