{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-27477", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-06T15:57:33.528Z", "dateReserved": "2024-02-26T00:00:00.000Z", "datePublished": "2024-04-10T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-10T15:04:53.316Z"}, "descriptions": [{"lang": "en", "value": "In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20"}, {"url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt"}, {"url": "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-15T16:04:24.221743Z", "id": "CVE-2024-27477", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T15:57:33.528Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:47:55.998Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20", "tags": ["x_transferred"]}, {"url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt", "tags": ["x_transferred"]}, {"url": "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/analyzing-leantime-xss-for-the-fun-time-diving-into-cve-2024-27477-for-a-beginner"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20", "tags": ["x_transferred"]}, {"url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt", "tags": ["x_transferred"]}, {"url": "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/analyzing-leantime-xss-for-the-fun-time-diving-into-cve-2024-27477-for-a-beginner"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:47:55.998Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27477", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-15T16:04:24.221743Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:23.778Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20"}, {"url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt"}, {"url": "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-10T15:04:53.316167"}}}, "cveMetadata": {"cveId": "CVE-2024-27477", "state": "PUBLISHED", "dateUpdated": "2024-11-06T15:57:33.528Z", "dateReserved": "2024-02-26T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-10T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:leantime:leantime:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B780DD5A-3641-45B4-A961-0EB7F71ABD75", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks."}, {"lang": "es", "value": "En Leantime 3.0.6, existe una vulnerabilidad de Cross-Site Scripting dentro de la funcionalidad de creaci\u00f3n y modificaci\u00f3n de tickets, lo que permite a los atacantes inyectar c\u00f3digo JavaScript malicioso en el campo de t\u00edtulo de los tickets (tambi\u00e9n conocido como tareas pendientes). Esta vulnerabilidad XSS almacenada se puede aprovechar para realizar ataques de Server-Side Request Forgery (SSRF)."}], "id": "CVE-2024-27477", "lastModified": "2025-04-08T15:21:48.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-10T15:16:04.980", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://drive.proton.me/urls/35CKB8RV04#sEubCKVOuXqt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vicarius.io/vsociety/posts/analyzing-leantime-xss-for-the-fun-time-diving-into-cve-2024-27477-for-a-beginner"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}