14 matches found
CVE-2024-27477
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets also known as to-dos. This stored XSS vulnerability can be exploited to perform...
CVE-2024-27703
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...
CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...
CVE-2024-27477
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets also known as to-dos. This stored XSS vulnerability can be exploited to perform...
CVE-2024-27474
Leantime 3.0.6 is vulnerable to Cross Site Request Forgery CSRF. This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators...
CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...
CVE-2024-27476
CVE-2024-27476 affects Leantime 3.0.6 and is reported as an HTML Injection vulnerability exposed via /dashboard/show#/tickets/newTicket. The public records consistently describe an HTML injection path in the Tickets UI, with CVSSv3.1 metrics: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N, base score 4.7 (M...
CVE-2024-27474
Leantime 3.0.6 has a CSRF vulnerability allowing an attacker to perform unauthorized actions with admin privileges. Exploitation evidence exists (PoC repo) and multiple sources confirm the issue. No publicly documented fix version is provided in the connected documents; some sources indicate no i...
CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...
CVE-2024-27703
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...
Cross site scripting
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...
CVE-2024-27703
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...
CVE-2024-27703
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...
CVE-2024-27703
Leantime 3.0.6 is affected by a Cross Site Scripting (XSS) vulnerability in the to-do title parameter. Red Hat/Other sources indicate this can be stored XSS, enabling a remote attacker to execute arbitrary code in the context of an authenticated user. No explicit affected products beyond Leantime...