Cross Site Scripting Vulnerability in Leantime Project Management Software
CVE-2025-28254

Currently unrated

Key Information:

Vendor

Leantime

Vendor
CVE Published:
28 March 2025

What is CVE-2025-28254?

A Cross Site Scripting (XSS) vulnerability exists in Leantime project management software versions 3.2.1 and earlier. Authenticated attackers can exploit this flaw via the 'first name' field in the processMentions() function, leading to the execution of arbitrary code and the potential exposure of sensitive information. This vulnerability highlights the importance of sanitizing user inputs to protect against code injection and data breaches.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.