Home > Vulnerability Database > CVE-2023-31779

Mend.io Vulnerability Database

CVE-2023-31779

Good to know:

Date: May 21, 2023

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

Language: JS

Severity Score

5.4

Related Resources (4)

Url: https://github.com/wekan/wekan/blob/master/CHANGELOG.md

Url: https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-31779

Url: https://www.mend.io/vulnerability-database/CVE-2023-31779

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v6.85

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-31779

Good to know:

Date: May 21, 2023

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?