CVE-2024-27477

MEDIUM

Leantime 3.0.6 - XSS

Title source: llm

Description

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

Exploits (1)

github WRITEUP

by dead1nfluence · poc

https://github.com/dead1nfluence/Leantime-POC

View Code ZIP pw:eip

References (4)

[Broken Link] https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt

[Product] https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20

View Writeup ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://www.vicarius.io/vsociety/posts/analyzing-leantime-xss-for-the-fun-time-diving-into-cve-2024-27477-for-a-beginner

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 46.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

leantime/leantime 3.0.6

Published Apr 10, 2024

Tracked Since Feb 18, 2026