Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Leantime Stored Cross-site Scripting Vulnerability
Vulnerability Description
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Leantime Systems Leantime 跨站脚本漏洞
Vulnerability Description
Leantime Systems Leantime是美国Leantime Systems公司的一套基于PHP和MySQL的开源项目管理系统。 Leantime 2.3.21及之后版本存在安全漏洞,该漏洞源于具有评论权限的户可以将恶意 Javascript 注入评论中,一旦用户将恶意评论加载到浏览器中,恶意 Javascript 代码就会执行。
CVSS Information
N/A
Vulnerability Type
N/A