ghsa-63cr-xg3f-8jvr
Vulnerability from github
Published
2025-02-21 22:15
Modified
2025-02-21 22:15
Severity ?
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Leantime allows Stored Cross-Site Scripting (XSS)
Details

Summary

Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.

Details

A Stored Cross-Site Scripting (XSS) vulnerability was found that could potentially compromise user data and pose a significant security risk to the platform.

PoC

  • Create a project
  • Navigate to project
  • Visit to the integration
  • Add malicious payload inside the webhook and save it.
  • Notice the alert dialogue indicating successful execution of the XSS payload. '';!--" onfocus=alert(0) autofocus="" onload=alert(3);="&{(alert(1))}" |="" mufazmi"=" '';!--" onfocus=alert(0) autofocus="" onload=alert(3);=>>"&{(alert(1))}" |="">> mufazmi"=">>

POC

https://youtu.be/kqKFgsOqstg

Impact

This XSS vulnerability allows an attacker to execute malicious scripts in the context of a victim's browser when they click on a specially crafted link. This could lead to various malicious activities, including session hijacking, stealing sensitive information such as cookies or login credentials, and potentially compromising the entire platform's security.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "leantime/leantime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-21T22:15:52Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nStored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. \n\n### Details\nA Stored Cross-Site Scripting (XSS) vulnerability was found that could potentially compromise user data and pose a significant security risk to the platform.\n\n### PoC\n\n- Create a project\n- Navigate to project\n- Visit to the integration\n- Add malicious payload inside the webhook and save it.\n- Notice the alert dialogue indicating successful execution of the XSS payload.\n```\n\u0027\u0027;!--\" onfocus=alert(0) autofocus=\"\"  onload=alert(3);=\"\u0026amp;{(alert(1))}\" |=\"\" mufazmi\"=\"\n```\n```\n\u0027\u0027;!--\" onfocus=alert(0) autofocus=\"\"  onload=alert(3);=\u003e\u003e\"\u0026amp;{(alert(1))}\" |=\"\"\u003e\u003e mufazmi\"=\"\u003e\u003e\n```\n### POC\nhttps://youtu.be/kqKFgsOqstg\n\n\n### Impact\nThis XSS vulnerability allows an attacker to execute malicious scripts in the context of a victim\u0027s browser when they click on a specially crafted link. This could lead to various malicious activities, including session hijacking, stealing sensitive information such as cookies or login credentials, and potentially compromising the entire platform\u0027s security.",
  "id": "GHSA-63cr-xg3f-8jvr",
  "modified": "2025-02-21T22:15:52Z",
  "published": "2025-02-21T22:15:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Leantime/leantime/security/advisories/GHSA-63cr-xg3f-8jvr"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Leantime/leantime"
    },
    {
      "type": "WEB",
      "url": "https://youtu.be/kqKFgsOqstg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Leantime allows Stored Cross-Site Scripting (XSS)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.