In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27477.json",
"cna_assigner": "mitre"
}