2 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to improper authorization checks on the Host parameter. An attacker can view profile information of other users by manipulating the Host parameter. Remediation Upgrade leantime/leantime to version 3.3 or higher...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the user details viewing functionality. An attacker can manipulate the host header in HTTP requests to gain unauthorized access to view...