Advisories for Composer/Leantime/Leantime package

By exploiting this vulnerability an attacker can able to view profile information (but not anything else or change anything)

A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users.

Leantime allows stored cross-site scripting (XSS) in the API key name while generating the API key.

STORED XSS +OPEN REDIRECTION in SVG uploads Vulnerable url:https://hack.leantime.io/projects/showProject/3

Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.

The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation and output encoding in the file upload process can prevent this exploit. Accessing and enhancing the relevant source code modules is crucial for addressing this security flaw effectively.

There is a cross-site scripting vulnerability on To-Do that affects a title field of a To-Do.

A cross-site request forgery vulnerability allows a remote actor to create an account with Owner privileges. By luring an Owner or Administrator into clicking a button on an attacker-controlled website, a request will be issued, generating an account with the attacker's information and role of their choosing.

A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not include any validation or sanitization of the $_GET["id"] parameter. As a result, it directly incorporates the user-supplied value into the source path without any checks.

HTML can be arbitrarily injected into emails from Leantime due to improper neutralization of HTML tags in users' first names. This effectively allows for the creation of phishing emails from a Leantime instance's email address.

Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security. 3.Urgent action is recommended to mitigate this vulnerability and protect user data from unauthorized access.