PT-2024-36008 · Kanboard

Mariotesoro · Published 2024-12-05 · Updated 2024-12-06 · CVE-2024-54001

CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.41
Description: Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored in the application settings section. The application language, application date format, application timezone, and application time format fields accept arbitrary user input, which is stored and later reflected in the page. This issue can become a cross-site scripting (XSS) vulnerability if the user input is JavaScript code that bypasses the Content Security Policy (CSP).
Recommendations: For versions prior to 1.2.41, update to version 1.2.41 to resolve the issue. As a temporary workaround, consider restricting user input in the application language, application date format, application timezone, and application time format fields to prevent arbitrary HTML injection.
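The workaround above amounts to allow-listing the four settings fields so that only known values are stored, with output encoding as a second layer when a stored value is rendered. The following is an added illustration of that pattern and is not Kanboard's own code; the field names, the language/date/time allow-lists and the settings dictionary shape are constructed assumptions.

```python
import html
from zoneinfo import available_timezones

# Constructed allow-lists for illustration only (not Kanboard's configuration).
# A real deployment would take them from the application's supported options.
# The timezone set falls back to a small constructed list if no tzdata is installed.
ALLOWED = {
    "application_language": {"en_US", "fr_FR", "de_DE", "es_ES"},
    "application_date_format": {"m/d/Y", "d/m/Y", "Y-m-d", "d.m.Y"},
    "application_time_format": {"H:i", "g:i A"},
    "application_timezone": available_timezones() or {"UTC", "Europe/Berlin"},
}


class SettingRejected(ValueError):
    """Raised when a submitted setting value is not on the allow-list."""


def validate_settings(submitted: dict) -> dict:
    """Keep only allow-listed values for the four fields named in CVE-2024-54001.

    Returns the validated subset of the submission. Any value that is not an
    exact allow-list member (including anything containing markup) raises
    SettingRejected; keys outside the four fields are ignored rather than stored.
    """
    clean = {}
    for field, allowed in ALLOWED.items():
        if field not in submitted:
            continue
        value = submitted[field]
        if not isinstance(value, str) or value not in allowed:
            raise SettingRejected(f"{field}: value not permitted")
        clean[field] = value
    return clean


def render_setting(value: str) -> str:
    """Output-encode a stored value before placing it in an HTML page.

    Defence in depth: even if a value slipped past validation, escaping
    '<', '>', '&' and quotes keeps the browser from parsing it as markup.
    """
    return html.escape(value, quote=True)


if __name__ == "__main__":
    print(validate_settings({"application_language": "en_US",
                             "application_timezone": "UTC"}))
    try:
        validate_settings({"application_date_format": "<b>d/m/Y</b>"})
    except SettingRejected as exc:
        print("rejected:", exc)
    print(render_setting("<b>x</b>"))  # &lt;b&gt;x&lt;/b&gt;
```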

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-54001
GHSA-4VVP-JF72-CHRJ

Affected Products

Debian
Kanboard