plankanban / planka
Project repository
The realtime kanban board for workgroups built with React and Redux.
First interaction: within 2 days
Review: within 4 days
Fix: within 13 days
No Limit in length of new project name, results in memory consumption/DOS attack...
Sep 28th 2022
qwertui0p
•
informative
Medium
planka v1.7.3 allows improper authorize issues in the change the username. The...
Aug 31st 2022
huy3npn
•
informative
High
planka v1.7.3 allows improper access control issues in the change photo. The imp...
Aug 31st 2022
huy3npn
•
informative
High
Tabnabbing on spec-disrespecting browsers
Aug 30th 2022
ndren
•
Medium
Medium
Viewer role can tamper everyone's comment
Aug 31st 2022
nerrorsec
•
informative
High
Viewer can become Editor without Administrator
Aug 31st 2022
nerrorsec
•
informative
High
Session does not expire on logout
Sep 7th 2022
nerrorsec
•
High
High
User Enumeration Via Login Error Message
Aug 8th 2022
akshayravic09yc47
•
duplicate
Low
No Ratelimit Protection On Login Field Leads To Possible Account Takeover
Aug 5th 2022
akshayravic09yc47
•
duplicate
Critical
Cookie without HttpOnly flag set
Aug 8th 2022
7h3h4ckv157
•
informative
Low
Email enumeration via Login page
Aug 8th 2022
khanhchauminh
•
informative
High
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Aug 8th 2022
7h3h4ckv157
•
informative
High
Cross-Site Request Forgery
Aug 9th 2022
vultza
•
Medium
Medium
Denial of Service via Attachment Upload
Aug 26th 2022
vultza
•
High
•
$10
Weak password policy on account creation/password update
Aug 26th 2022
vultza
•
High
•
$10
No password brute-force protection on login page
Aug 24th 2022
vultza
•
Critical
•
$20
Path Traversal
Aug 3rd 2022
vultza
•
High
•
$10
•
CVE-2022-2653
CRITICAL: $0
HIGH: $0
MEDIUM: $0
LOW: $0