Lucene search
+L

14 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:11 a.m.8 views

CVE-2024-27477

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets also known as to-dos. This stored XSS vulnerability can be exploited to perform...

6.1CVSS5.7AI score0.00628EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:58 a.m.8 views

CVE-2024-27703

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...

5.4CVSS7.3AI score0.00542EPSS
Exploits1References1
NVD
NVD
added 2024/04/10 3:16 p.m.15 views

CVE-2024-27476

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...

4.7CVSS6.7AI score0.00646EPSS
Exploits2References3
NVD
NVD
added 2024/04/10 3:16 p.m.19 views

CVE-2024-27477

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets also known as to-dos. This stored XSS vulnerability can be exploited to perform...

6.1CVSS5.5AI score0.00628EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2024/04/10 12:0 a.m.15 views

CVE-2024-27474

Leantime 3.0.6 is vulnerable to Cross Site Request Forgery CSRF. This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators...

6.7AI score0.00651EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/04/10 12:0 a.m.20 views

CVE-2024-27476

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...

7.3AI score0.00646EPSS
Exploits2References3
CVE
CVE
added 2024/04/10 12:0 a.m.51 views

CVE-2024-27476

CVE-2024-27476 affects Leantime 3.0.6 and is reported as an HTML Injection vulnerability exposed via /dashboard/show#/tickets/newTicket. The public records consistently describe an HTML injection path in the Tickets UI, with CVSSv3.1 metrics: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N, base score 4.7 (M...

4.7CVSS7AI score0.00646EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2024/04/10 12:0 a.m.68 views

CVE-2024-27474

Leantime 3.0.6 has a CSRF vulnerability allowing an attacker to perform unauthorized actions with admin privileges. Exploitation evidence exists (PoC repo) and multiple sources confirm the issue. No publicly documented fix version is provided in the connected documents; some sources indicate no i...

8.8CVSS6.6AI score0.00651EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2024/04/10 12:0 a.m.24 views

CVE-2024-27476

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show/tickets/newTicket...

7AI score0.00646EPSS
Exploits2References3
NVD
NVD
added 2024/03/13 10:15 p.m.22 views

CVE-2024-27703

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...

5.4CVSS7AI score0.00542EPSS
Exploits1References1
Prion
Prion
added 2024/03/13 10:15 p.m.20 views

Cross site scripting

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...

7.6AI score0.00542EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/03/13 12:0 a.m.11 views

CVE-2024-27703

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...

5.8AI score0.00542EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/03/13 12:0 a.m.30 views

CVE-2024-27703

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...

7.2AI score0.00542EPSS
Exploits1References1
CVE
CVE
added 2024/03/13 12:0 a.m.38 views

CVE-2024-27703

Leantime 3.0.6 is affected by a Cross Site Scripting (XSS) vulnerability in the to-do title parameter. Red Hat/Other sources indicate this can be stored XSS, enabling a remote attacker to execute arbitrary code in the context of an authenticated user. No explicit affected products beyond Leantime...

5.4CVSS7.2AI score0.00542EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder