Vulmon
leantime vulnerabilities and exploits
NA
CVE-2024-27474
Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.
1 Github repository
NA
CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.
1 Github repository
NA
CVE-2024-27477
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing malicious users to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be expl...
1 Github repository
NA
CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows malicious users to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.
NA
CVE-2024-27703
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote malicious user to execute arbitrary code via the to-do title parameter.
NA
CVE-2023-45826
Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerabi...
Leantime Leantime 2.4
Leantime Leantime
NA
CVE-2023-33961
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code exec...
Leantime Leantime
6.5
CVSSv2
CVE-2020-5292
Leantime prior to 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the user...
Leantime Leantime