Arbitrary Code Execution via Cross-Site Scripting (XSS) in Leantime v3.0.6
CVE-2024-27705
7.6HIGH
What is CVE-2024-27705?
A security vulnerability exists within Leantime v3.0.6 that permits Cross Site Scripting (XSS) attacks. This vulnerability arises when an attacker uploads a specially crafted PDF file to the files/browse endpoint, enabling the execution of arbitrary code. Proper sanitization and validation of file uploads are essential to mitigate such risks, as failure to do so can lead to unauthorized actions affecting both the server and users accessing the application.
