Leantime 2.4.7 Security Vulnerabilities
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2025-03-28
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious JavaScript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious JavaScript code executes. As of time of publication, a patch does not exist.
CVSS Score: 8.9 | EPSS Score: 0.003 | Published: 2023-05-30

