CVE-2023-31779 | HackTesting

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

References

https://github.com/wekan/wekan/blob/master/CHANGELOG.md

https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279