CVE-2024-27477

MEDIUM

Leantime 3.0.6 - Stored Cross-Site Scripting in Ticket Title Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-27477. PoCs published by dead1nfluence.

AI-analyzed exploit summary The repository provides technical details and proof-of-concept steps for three vulnerabilities in Leantime 3.0.6: CSRF (CVE-2024-27474), HTML injection (CVE-2024-27476), and XSS leading to SSRF (CVE-2024-27477). It includes attack scenarios and screenshots but lacks functional exploit code.

Description

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

Exploits (1)

github WRITEUP
by dead1nfluence · poc
https://github.com/dead1nfluence/Leantime-POC

The repository provides technical details and proof-of-concept steps for three vulnerabilities in Leantime 3.0.6: CSRF (CVE-2024-27474), HTML injection (CVE-2024-27476), and XSS leading to SSRF (CVE-2024-27477). It includes attack scenarios and screenshots but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Leantime 3.0.6
Auth required
Prerequisites: Access to Leantime instance · Ability to lure admin/user to malicious link
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0063
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
leantime/leantime 3.0.6
Published Apr 10, 2024
Tracked Since Feb 18, 2026