IDCVSSSummaryLast (major) updatePublished
CVE-2019-7324 4.3
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
04-02-2019 - 14:29 04-02-2019 - 14:29
CVE-2017-15212 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15211 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15210 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15209 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15208 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15207 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15206 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15205 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15204 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15203 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15202 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15201 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15200 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15199 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15198 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15197 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15196 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-15195 4.0
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
10-10-2017 - 21:32 10-10-2017 - 21:32
CVE-2017-12851 4.0
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
14-08-2017 - 16:29 14-08-2017 - 16:29
CVE-2017-12850 4.0
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
14-08-2017 - 16:29 14-08-2017 - 16:29
CVE-2014-3920 6.8
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.
07-07-2014 - 09:31 03-07-2014 - 10:55
Back to Top Mark selected
Back to Top