dead1nfluence

5 exploits Active since Apr 2024
CVE-2024-27476 GITHUB MEDIUM WRITEUP
Leantime 3.0.6 - HTML Injection via New Ticket Dashboard
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.
CVSS 4.7
CVE-2024-27477 GITHUB MEDIUM WRITEUP
Leantime 3.0.6 - Stored Cross-Site Scripting in Ticket Title Field
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.
CVSS 6.1
CVE-2024-27474 NOMISEC HIGH WRITEUP
Leantime 3.0.6 - Cross-Site Request Forgery
Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.
CVSS 8.8
CVE-2024-27474 WRITEUP HIGH WRITEUP
Leantime 3.0.6 - Cross-Site Request Forgery
Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.
CVSS 8.8
CVE-2025-11645 WRITEUP LOW WRITEUP
Tomofun Furbo Mobile App <7.57.0a - Info Disclosure
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4