CVE-2024-27476

MEDIUM

Leantime 3.0.6 - HTML Injection via New Ticket Dashboard

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-27476. PoCs published by dead1nfluence.

AI-analyzed exploit summary: The repository provides a detailed technical writeup for CVE-2024-27476, an HTML injection vulnerability in Leantime 3.0.6. It includes step-by-step exploitation details, screenshots, and a clear explanation of the attack vector, demonstrating a thorough understanding of the vulnerability.

Description

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.

Exploits (1)

github WRITEUP
by dead1nfluence · poc
https://github.com/dead1nfluence/Leantime-POC

Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: Leantime 3.0.6
Auth required
Prerequisites: Access to create a ticket in Leantime · Victim interaction to click the injected link
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 4.7
EPSS 0.0065
EPSS Percentile 46.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-94
Status published
Products (1)
leantime/leantime 3.0.6
Published Apr 10, 2024
Tracked Since Feb 18, 2026