Description
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious JavaScript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious JavaScript code executes. As of time of publication, a patch does not exist.
Vulnerable configurations
Configuration 1: versions from 2.3.21 (inclusive)
cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:*
EPSS: 0.00284 (percentile: 51%, Low)
CVSS3: 8.9 High
CVSS3: 5.4 Medium
Weaknesses
CWE-79
CWE-79