HTML Injection Vulnerability in Leantime by Leantime
CVE-2024-27476

4.7MEDIUM

Key Information:

Vendor

Leantime

Status
Vendor
CVE Published:
10 April 2024

What is CVE-2024-27476?

Leantime 3.0.6 has a security vulnerability that allows for HTML injection through the endpoint /dashboard/show#/tickets/newTicket. This weakness can potentially allow attackers to inject arbitrary HTML into web applications, which may lead to further exploitation such as cross-site scripting (XSS). Users of the affected versions are encouraged to upgrade to remediate this issue effectively.

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.