CVE-2023-33961

Published May 30th, 2023

View on NVD ↗

CVSS v3

8.9

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist.

Leantime/leantime

Leantime is a goals focused project management system for non-project managers. Building with ADHD, Autism, and dyslexia in mind.

GitHub

9.98K