CVE-2025-28254
Published
CVSS v3: 5.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
A cross-site scripting (XSS) vulnerability in Leantime v3.2.1 and earlier allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().
Leantime is a goals-focused project management system for non-project managers, built with ADHD, autism, and dyslexia in mind.