mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
904 B
904 B
CVE-2024-27477
Description
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.
POC
Reference
- https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md
- https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md