GHSA-v4q9-437p-mhpg

Описание

Summary

A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not include any validation or sanitization of the $_GET["id"] parameter. As a result, it directly incorporates the user-supplied value into the source path without any checks.