Security Advisory

CVE-2025-28254

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-28 00:00:00

Last updated 2025-04-01 20:08:41

Assigner mitre

State PUBLISHED

Description

Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().

← Browse all CVEs View on cve.org ↗