Security Advisory

CVE-2023-33961

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-30 21:34:00
Last updated 2025-01-10 16:49:49
Assigner GitHub_M
State PUBLISHED

Description

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist.