Alexander Starikov

**Nome do software vulnerável e versões afetadas** Versões do Kickdler anteriores à 1.107.0 **Descrição** A vulnerabilidade permite que invasores enviem uma carga XSS por meio de um ataque de divisão de resposta HTTP. **Recomendações** Para versões anteriores à 1.107.0, atualize para a versão 1.107.0 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Wekan versions 6.84 and earlier **Description** The issue allows an attacker with user privilege on a kanban board to insert JavaScript code in the "Reaction to comment" feature, leading to Cross Site Scripting (XSS). **Recommendations** For Wekan versions 6.84 and earlier, as a temporary workaround, consider disabling the "Reaction to comment" feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.