security-advisories@github.com reports:
Kanboard is project management software that focuses on the Kanban
methodology. Due to improper handling of elements under the
`contentEditable` element, maliciously crafted clipboard content
can inject arbitrary HTML tags into the DOM. A low-privileged
attacker with permission to attach a document on a vulnerable
Kanboard instance can trick the victim into pasting malicious
screenshot data and achieve cross-site scripting if CSP is improperly
configured. This issue has been patched in version 1.2.29.