CVE-2023-33969

Name of the Vulnerable Software and Affected Versions Kanboard versions prior to 1.2.30

Description A stored Cross-site scripting (XSS) issue allows an attacker to execute arbitrary Javascript, exposing users who view the task containing the malicious code to the XSS attack. The default CSP header configuration blocks this javascript attack.

Recommendations For versions prior to 1.2.30, upgrade to version 1.2.30 or later to resolve the issue. As a temporary workaround for users unable to upgrade, ensure that a restrictive CSP header configuration is in place to minimize the risk of exploitation.