HTML Injection Vulnerability in Leantime by Leantime
CVE-2024-27476
4.7MEDIUM
What is CVE-2024-27476?
Leantime 3.0.6 has a security vulnerability that allows for HTML injection through the endpoint /dashboard/show#/tickets/newTicket. This weakness can potentially allow attackers to inject arbitrary HTML into web applications, which may lead to further exploitation such as cross-site scripting (XSS). Users of the affected versions are encouraged to upgrade to remediate this issue effectively.
