Name of the Vulnerable Software and Affected Versions Leantime (affected versions not specified)

Description The issue allows attackers to upload malicious image files containing XSS payloads to the "overdue" section. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. This exploit can be prevented by improving input validation and output encoding in the file upload process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.