app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
https://github.com/kanboard/kanboard/releases/tag/v1.2.8
https://github.com/kanboard/kanboard/commit/83deec2e3621c40d15a06e2491f27571d32fe10f
http://seclists.org/fulldisclosure/2019/May/41
http://packetstormsecurity.com/files/153093/Kanboard-1.2.7-Cross-Site-Scripting.html