Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/04/2024 Updated: 10/04/2024

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing malicious users to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

CVE-2024-27474, CVE-2024-27476, CVE-2024-27477

Leantime-POC CVE-2024-27474, CVE-2024-27476, CVE-2024-27477

https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20 https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md https://nvd.nist.gov https://github.com/dead1nfluence/Leantime-POC

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-27477

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect