Leantime Stored Cross-site Scripting Vulnerability
CVE-2023-33961

5.4MEDIUM

Key Information:

Vendor

Leantime

Status
Vendor
CVE Published:
30 May 2023

What is CVE-2023-33961?

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist.

Affected Version(s)

leantime => 2.3.21

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.