exploitDog

CVE-2024-27476

Опубликовано: 10 апр. 2024

Источник: nvd

CVSS3: 4.7

EPSS Низкий

Описание

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.

Ссылки

https://drive.proton.me/urls/X9G9MY1FAW#NLS8RkHUihLY
Broken Link
https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20
Product
https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md
Exploit
Third Party Advisory
https://drive.proton.me/urls/X9G9MY1FAW#NLS8RkHUihLY
Broken Link
https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20
Product
https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leantime:leantime:3.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00211

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-cp8r-2jwf-q8jj

CVSS3: 4.7

github

почти 2 года назад

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.

EPSS

Процентиль: 43%

0.00211

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-94