CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27476
https://notcve.org/view.php?id=CVE-2024-27476
10 Apr 2024 — Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. Leantime 3.0.6 es vulnerable a la inyección de HTML a través de /dashboard/show#/tickets/newTicket. • https://github.com/dead1nfluence/Leantime-POC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27474
https://notcve.org/view.php?id=CVE-2024-27474
10 Apr 2024 — Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators. Leantime 3.0.6 es vulnerable a Cross-Site Request Forgery (CSRF). Esta vulnerabilidad permite a actores malintencionados realizar acciones no autorizadas en nombre de usuarios autenticados, específicamente administradores. • https://github.com/dead1nfluence/Leantime-POC • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27705
https://notcve.org/view.php?id=CVE-2024-27705
03 Apr 2024 — Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. La vulnerabilidad de Cross Site Scripting en Leantime v3.0.6 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo PDF manipulado en el endpoint de archivos/exploración. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27705 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27703
https://notcve.org/view.php?id=CVE-2024-27703
13 Mar 2024 — Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter. Una vulnerabilidad de Cross Site Scripting en Leantime 3.0.6 permite a un atacante remoto ejecutar código arbitrario a través del parámetro de título de tareas pendientes. • https://github.com/b-hermes/vulnerability-research/blob/main/CVE-2024-27703/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 16%CPEs: 5EXPL: 0CVE-2023-45826 – Authenticated SQL Injection in leantime
https://notcve.org/view.php?id=CVE-2023-45826
19 Oct 2023 — Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. • https://github.com/Leantime/leantime/commit/be75f1e0f311d11c00a0bdc7079a62eef3594bf0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33961 – Leantime Stored Cross-site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-33961
30 May 2023 — Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist. • https://github.com/Leantime/leantime/security/advisories/GHSA-359m-fp6q-65r7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5292 – Time-based blind injection in Leantime
https://notcve.org/view.php?id=CVE-2020-5292
31 Mar 2020 — Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is "searchUsers" when sending a POST request to "/tickets/showKanban" with a valid session. • https://github.com/Leantime/leantime/commit/af0807f0b2c4c3c914b93f1c5d940e6b875f231f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •