mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 19:21:37 +00:00
28 lines
1.0 KiB
JSON
28 lines
1.0 KiB
JSON
{
|
|
"id": "CVE-2024-27477",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-04-10T15:16:04.980",
|
|
"lastModified": "2024-04-10T19:49:51.183",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |