In Leantime 3.0.6, a Cross-Site... CVE-2024-27477

- AV AC AU C I A
发布: 2024-04-10
修订: 2024-04-10

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

0%
暂无可用Exp或PoC
当前有0条受影响产品信息