Headline
CVE-2023-47437: GitHub - pachno/pachno
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script.
Pachno open collaboration platform
Pachno is an open source platform for collaboration: issue tracking, project management, documentation, code and more.
With Pachno you get:
- A powerful documentation editor for all your teams documentation needs
- Workflow support with custom workflow configuration
- Planning boards with kanban and scrum features
- Issue tracking including custom fields and data
- Time tracking for individual tasks and user
- Team support for multiple teams and clients
- Built-in features for supporting a wide range of projects and configurations
- An extensible module-based platform, built to expand and improve
… and a lot more!
Installation
Follow the instructions in the installation guide for detailed installation instructions.
Reporting issues
If you find any issues, please report them in the issue tracker on our website: https://projects.pach.no
Development and testing using Vagrant
If you want to write code for Pachno, either to test out extensions or contribute bug-fixes or features, you can get up and running quickly using the provided development set-up.
Getting involved
Our community of helpful and friendly volunteers is always growing. If you are looking for an opensource project to get involved with, we’d love to get you onboard! Here, you get to influence in a meaningful way. In no particular order:
- writing documentation, guides and articles
- triaging (verifying) and investigating issues
- suggest and influence new features
- writing code
- improve design and suggest new ones
- contribute in our online community by either participating or moderating
- testing and QA
If you want to pop by and chat, join us on https://pachno.zulipchat.com Prefer to get your hands dirty? Have a look at our issues on https://projects.pach.no/pachno Visit our online community at https://forum.pach.no