CVE-2025-65778

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 18.16

Description An issue exists in Wekan, an open-source kanban board system, where uploaded attachments can be served with a Content-Type controlled by an attacker (specifically, text/html). This allows for the execution of attacker-supplied HTML and JavaScript code within the application’s origin. Successful exploitation could lead to session or token theft and Cross-Site Request Forgery (CSRF) actions.

Recommendations Update to version 18.16 or later.