CVE-2023-31779

MEDIUM

Wekan < 6.84 - Authenticated Stored Cross-Site Scripting via Reaction to Comment Feature

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31779. PoCs published by jet-pentest.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2023-31779, a stored XSS vulnerability in Wekan's 'Reaction to comment' feature. The vulnerability allows an attacker with user privileges to execute JavaScript code in the browsers of users who open a card with a malicious reaction.

Description

Wekan v6.84 and earlier is vulnerable to Cross-Site Scripting (XSS). An attacker with user privileges on a kanban board can insert JavaScript code in the "Reaction to comment" feature.

Exploits (1)

nomisec WRITEUP 1 stars
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2023-31779

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Wekan v5.49 - v6.84
Auth required
Prerequisites: User privileges on a kanban board · Ability to intercept and modify HTTP requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0056
EPSS Percentile: 42.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): wekan_project/wekan < 6.84
Published: May 22, 2023
Tracked Since: Feb 18, 2026