[MEDIUM] Leantime has HTML injection through firstname and lastname fields

PKSA-xts7-ftgj-xm47 GHSA-qrfh-cc86-vc8c

Affected package: leantime/leantime

Affected version: <3.3.0

Reported by:
GitHub