{"id":"CVE-2021-20654","details":"Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.","modified":"2026-04-12T01:00:58.892865Z","published":"2021-02-10T09:15:12.887Z","references":[{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN80785288/"},{"type":"EVIDENCE","url":"https://wekan.github.io/hall-of-fame/fieldbleed/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wekan/wekan","events":[{"introduced":"46cd1aced9e96494765073bae4073491f0c2f318"},{"last_affected":"a7d12ddcaaf01846e7334233bdb9deb08d42f242"}],"database_specific":{"extracted_events":[{"introduced":"3.12"},{"last_affected":"4.11"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*"}}],"versions":["v3.12","v3.13","v3.14","v3.15","v3.16","v3.17","v3.18","v3.19","v3.20","v3.21","v3.22","v3.23","v3.24","v3.25","v3.26","v3.27","v3.29","v3.30","v3.31","v3.32","v3.33","v3.34","v3.35","v3.36","v3.37","v3.38","v3.39","v3.40","v3.41","v3.42","v3.43","v3.44","v3.45","v3.46","v3.47","v3.48","v3.49","v3.50","v3.51","v3.52","v3.53","v3.54","v3.55","v3.56","v3.57","v3.58","v3.59","v3.60","v3.61","v3.62","v3.63","v3.64","v3.65","v3.66","v3.67","v3.68","v3.69","v3.70","v3.71","v3.73","v3.74","v3.75","v3.76","v3.77","v3.78","v3.79","v3.80","v3.81","v3.82","v3.83","v3.84","v3.85","v3.86","v3.87","v3.88","v3.89","v3.90","v3.91","v3.92","v3.93","v3.94","v3.95","v3.96","v3.97","v3.98","v3.99","v4.00","v4.01","v4.02","v4.03","v4.04","v4.05","v4.06","v4.07","v4.08","v4.09","v4.10","v4.11"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20654.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}