PT-2024-25858 · Microsoft+1 · SharePoint 2019+1

Published: 2024-06-25 · Updated: 2024-11-05 · CVE-2024-34400

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

VirtoSoftware Virto Kanban Board Web Part versions prior to 5.3.5.1 for SharePoint 2019

Description

A LinkTitle2 XSS issue exists in the "/_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx" API endpoint of the affected software.

Recommendations

For versions prior to 5.3.5.1, update to version 5.3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx" API endpoint to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2024-34400

Affected Products

SharePoint 2019
Virto Kanban Board Web Part