#xss

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

The question bank filter required additional sanitizing to prevent a reflected XSS risk.

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight(). This is related to [SNYK-JS-TARTEAUCITRONJS-8366541](https://security.snyk.io/vuln/SNYK-JS-TARTEAUCITRONJS-8366541)

### Summary There is a cross-site scripting vulnerability on To-Do that affects a title field of a To-Do.

### Description Leantime allows stored cross-site scripting (XSS) in the API key name while generating the API key. ### Impact Any low privileged user like manager, or editor, can create an API key with XSS payload. When admin will visit the Company page, the XSS will automatically get triggerred leading to the unauthorized action performed from the ADMIN account. Like, removing any user, or adding someone else as high privilege, and many more.

### Summary A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not include any validation or sanitization of the $_GET["id"] parameter. As a result, it directly incorporates the user-supplied value into the source path without any checks.

### Summary Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. ### Details A Stored Cross-Site Scripting (XSS) vulnerability was found that could potentially compromise user data and pose a significant security risk to the platform. ### PoC - Create a project - Navigate to project - Visit to the integration - Add malicious payload inside the webhook and save it. - Notice the alert dialogue indicating successful execution of the XSS payload. ``` '';!--" onfocus=alert(0) autofocus="" onload=alert(3);="&{(alert(1))}" |="" mufazmi"=" ``` ``` '';!--" onfocus=alert(0) autofocus="" onload=alert(3);=>>"&{(alert(1))}" |="">> mufazmi"=">> ``` ### POC https://youtu.be/kqKFgsOqstg ### Impact This XSS vulnerability allows an attacker to execute malicious scripts in the context of a victim's browser when they click on a specially crafted link. This could lead to various m...

### Summary The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation and output encoding in the file upload process can prevent this exploit. Accessing and enhancing the relevant source code modules is crucial for addressing this security flaw effectively. ### Impact This XSS vulnerability allows attackers to inject malicious scripts into the Leantime application, compromising user data, session tokens, and potentially executing unauthorized actions on behalf of users. Exploitation could lead to account takeover, data theft, and unauthorized access to sensitive information, posing a significant risk to user privacy, data integrity, and system security.

STORED XSS +OPEN REDIRECTION in SVG uploads Vulnerable url:https://hack.leantime.io/projects/showProject/3