Vulnerabilities > Wekan Project > Wekan > 1.59
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-28485 | Cross-site Scripting vulnerability in Wekan Project Wekan A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. | 5.4 |
| 2023-05-22 | CVE-2023-31779 | Cross-site Scripting vulnerability in Wekan Project Wekan Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2021-01-26 | CVE-2021-3309 | Improper Certificate Validation vulnerability in Wekan Project Wekan packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store, | 8.1 |