DEBIAN-CVE-2024-54001

Source
https://security-tracker.debian.org/tracker/CVE-2024-54001
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-54001.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-54001
Upstream
Published
2024-12-05T16:15:26.650Z
Modified
2025-11-17T04:29:35.673185Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
[none]
Details

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The fields applicationlanguage, applicationdateformat, applicationtimezone and applicationtimeformat allow arbitrary user input, which is reflected. The vulnerability can become XSS if the user input is JavaScript code that bypasses CSP. This vulnerability is fixed in 1.2.41.

References

Affected packages

Debian:14 / kanboard

Package

Name
kanboard
Purl
pkg:deb/debian/kanboard?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.44+ds-1

Affected versions

1.*

1.2.22+ds-1
1.2.23+ds-1
1.2.23+ds-1.1
1.2.25+ds-1
1.2.25+ds-2
1.2.25+ds-3
1.2.26+ds-1
1.2.26+ds-2
1.2.26+ds-3
1.2.26+ds-4
1.2.30+ds-1
1.2.31+ds-1
1.2.31+ds2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}