Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote malicious user to execute arbitrary code via the to-do title parameter.