Reflected XSS in type url parameter in leantime/leantime


Reported on

Jun 28th 2022


The application has a reflected xss vulnerability in the url parameter type.

Proof of Concept

// PoC.js
var payload = "><script>alert(document.cookie)</script>


If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform.

We are processing your report and will contact the leantime team within 24 hours. a month ago
Elijah Rodgers
a month ago


I have video PoC if necessary. I submitted this vulnerability via email about a week ago as well.

We have contacted a member of the leantime team and are waiting to hear back a month ago
We have sent a follow up to the leantime team. We will try again in 7 days. a month ago
We have sent a second follow up to the leantime team. We will try again in 10 days. 25 days ago
Marcel Folaron validated this vulnerability 24 days ago
Elijah Rodgers has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Marcel Folaron confirmed that a fix has been merged on 00fed6 24 days ago
Marcel Folaron has been awarded the fix bounty
to join this conversation