VYPR
Medium severity6.1NVD Advisory· Published Apr 10, 2024· Updated Jun 17, 2026

CVE-2024-27477

CVE-2024-27477

Description

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Leantime/Leantimecpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <3.0.6

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.