Reflected XSS in type url parameter in leantime/leantime
Jun 28th 2022
The application has a reflected XSS vulnerability in the URL parameter.
Proof of Concept
// PoC.js
var payload = '"><script>alert(document.cookie)</script>';
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Among other things, the attacker can perform any action within the application that the user can perform.
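The report does not show the affected code. As an added example (not Leantime's code and not part of the original report), the following shows the general pattern behind a reflected XSS of this kind beside its fix, and checks both against the string from the proof of concept. The field name `q`, the `<input>` template and all function names are assumptions made for illustration.

```php
<?php
// Added example, not Leantime code. The field name "q", the <input> template
// and the helper names below are hypothetical.

// Vulnerable pattern: the request value is concatenated into an attribute as-is.
function renderFieldUnsafe(string $value): string
{
    return '<input type="text" name="q" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function renderFieldSafe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="q" value="' . $encoded . '">';
}

// Regression check: parse the markup and report whether the value stayed
// inside the attribute (no injected <script>, attribute value round-trips).
function staysInAttribute(string $html, string $value): bool
{
    libxml_use_internal_errors(true);   // keep parser warnings off the output
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $inputs = $doc->getElementsByTagName('input');
    return $doc->getElementsByTagName('script')->length === 0
        && $inputs->length === 1
        && $inputs->item(0)->getAttribute('value') === $value;
}

// The string from the report's proof of concept.
$payload = '"><script>alert(document.cookie)</script>';

$renderers = ['unsafe' => 'renderFieldUnsafe', 'safe' => 'renderFieldSafe'];
foreach ($renderers as $label => $render) {
    $html = $render($payload);
    $contained = staysInAttribute($html, $payload) ? 'yes' : 'no';
    printf("%-6s %s\n       value contained in attribute: %s\n", $label, $html, $contained);
}
```

A check like `staysInAttribute` can be kept as a regression test for each template that echoes a request parameter, so a later change that drops the encoding fails the build.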