Cross Site Scripting vulnerability in Leantime v3.0.6 allows malicious users to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.
Vulmon