Security Advisory

CVE-2024-27477

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-10 00:00:00

Last updated 2024-11-06 15:57:33

Assigner mitre

State PUBLISHED

Description

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

← Browse all CVEs View on cve.org ↗